SA-12(13): Critical Information System Components


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: MA-6: Timely Maintenance, RA-9: Criticality Analysis.

Control Statement

The organization employs [Assignment: organization-defined security safeguards] to ensure an adequate supply of [Assignment: organization-defined critical information system components].

Supplemental Guidance

Adversaries can attempt to impede organizational operations by disrupting the supply of critical information system components or corrupting supplier operations. Safeguards to ensure adequate supplies of critical information system components include, for example: (i) the use of multiple suppliers throughout the supply chain for the identified critical components; and (ii) stockpiling of spare components to ensure operation during mission-critical times.