Show/Hide Toolbars

ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Navigation: SA-FAMILY: SYSTEM AND SERVICES ACQUISITION

SA-19(2) COMPONENT AUTHENTICITY  |  CONFIGURATION CONTROL FOR COMPONENT SERVICE / REPAIR
Scroll Prev Top Next More

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

 

 

 

 

 

 

 

 

 

 

 

 

###

sa-19(2)

component authenticity  | configuration control for component service / repair

 

assessment objective:

Determine if the organization:

sa-19(2)[1]

defines information system components requiring configuration control to be maintained when awaiting service/repair;

sa-19(2)[2]

defines information system components requiring configuration control to be maintained when awaiting return to service; and

sa-19(2)[3]

maintains configuration control over organization-defined information system components awaiting service/repairs and serviced/repaired components awaiting return to service.

potential assessment methods and objects:

Examine: [select from: System and services acquisition policy; anti-counterfeit policy and procedures; media protection policy; configuration management plan; information system design documentation; information system configuration settings and associated documentation; configuration control records for components awaiting service/repair; configuration control records for serviced/repaired components awaiting return to service; information system maintenance records; information system audit records; inventory management records; other relevant documents or records].

Interview: [select from: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities; organizational personnel with responsibility for anti-counterfeit policy and procedures; organizational personnel with responsibility for configuration management].

Test: [select from: Organizational processes for configuration management; automated mechanisms supporting and/or implementing configuration management].

 

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056