Guidance for NIST 800-171 Assessment & Compliance

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Save Permalink URL

Navigation: SA-FAMILY: SYSTEM AND SERVICES ACQUISITION

SA-19 COMPONENT AUTHENTICITY

Scroll Prev Top Next More

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

(O)ther than satisfactory +##

###

sa-19	component authenticity
	assessment objective: Determine if the organization:
	sa-19(a)	develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system;
	sa-19(b)	sa-19(b)[1]	defines external reporting organizations to whom counterfeit information system components are to be reported;
		sa-19(b)[2]	defines personnel or roles to whom counterfeit information system components are to be reported;
		sa-19(b)[3]	reports counterfeit information system components to one or more of the following:
			sa-19(b)[3][a]	the source of counterfeit component;
			sa-19(b)[3][b]	the organization-defined external reporting organizations; and/or
			sa-19(b)[3][c]	the organization-defined personnel or roles.
	potential assessment methods and objects: Examine: [select from: System and services acquisition policy; anti-counterfeit policy and procedures; media disposal policy; media protection policy; incident response policy; training materials addressing counterfeit information system components; training records on detection and prevention of counterfeit components from entering the information system; reports notifying developers/manufacturers/vendors/ contractors and/or external reporting organizations of counterfeit information system components; other relevant documents or records]. Interview: [select from: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities; organizational personnel with responsibility for anti-counterfeit policy, procedures, and reporting]. Test: [select from: Organizational processes for anti-counterfeit detection, prevention, and reporting; automated mechanisms supporting and/or implementing anti-counterfeit detection, prevention, and reporting].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056