SA-18(2): Inspection Of Information Systems, Components, Or Devices

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: SR-10: Inspection of Systems or Components.

Control Statement

The organization inspects [Assignment: organization-defined information systems, system components, or devices] [Selection (one or more): at random; at [Assignment: organization-defined frequency], upon [Assignment: organization-defined indications of need for inspection]] to detect tampering.

Supplemental Guidance

This control enhancement addresses both physical and logical tampering and is typically applied to mobile devices, notebook computers, or other system components taken out of organization-controlled areas. Indications of need for inspection include, for example, when individuals return from travel to high-risk locations.