SA-10(6): Trusted Distribution

Control Family:

System and Services Acquisition

Parent Control:

SA-10: Developer Configuration Management

CSF v1.1 References:

PR.DS-8
PR.IP-1
PR.IP-2
PR.IP-3

Threats Addressed:

Tampering

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SA-10(6): Trusted Distribution

Control Statement

Require the developer of the system, system component, or system service to execute procedures for ensuring that security-relevant hardware, software, and firmware updates distributed to the organization are exactly as specified by the master copies.

Supplemental Guidance

The trusted distribution of security-relevant hardware, software, and firmware updates help to ensure that the updates are correct representations of the master copies maintained by the developer and have not been tampered with during distribution.