SA-12(10): Validate As Genuine And Not Altered


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: SR-4(3): Validate as Genuine and Not Altered.

Control Statement

The organization employs [Assignment: organization-defined security safeguards] to validate that the information system or system component received is genuine and has not been altered.

Supplemental Guidance

For some information system components, especially hardware, there are technical means to help determine if the components are genuine or have been altered. Security safeguards used to validate the authenticity of information systems and information system components include, for example, optical/nanotechnology tagging and side-channel analysis. For hardware, detailed bill of material information can highlight the elements with embedded logic complete with component and production location.