myctrl.tools
Compare

SA-19Component Authenticity

Secret
Management

>Control Description

(A) The organization develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system. (B) The organization reports counterfeit information system components to source of counterfeit component; [Assignment: organization-defined external reporting organizations; organization-defined personnel or roles].

>Supplemental Guidance

Sources of counterfeit components include, for example, manufacturers, developers, vendors, and contractors. Anti-counterfeiting policy and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include, for example, CERTS.

Related controls: PE-3, SA-12, SI-7

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis.

Ask AI

Configure your API key to use AI features.