SA-10(6): Trusted Distribution

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

Control Statement

The organization requires the developer of the information system, system component, or information system service to execute procedures for ensuring that security-relevant hardware, software, and firmware updates distributed to the organization are exactly as specified by the master copies.

Supplemental Guidance

The trusted distribution of security-relevant hardware, software, and firmware updates helps to ensure that such updates are faithful representations of the master copies maintained by the developer and have not been tampered with during distribution.