SR-10: Inspection of Systems or Components
Control Family:
CSF v1.1 References:
Threats Addressed:
Baselines:
- Low
- SR-10
- Moderate
- SR-10
- High
- SR-10
- Privacy
N/A
Control is new to this version of the control set and incorporates the following control from the previous version: SA-18(2): Inspection Of Information Systems, Components, Or Devices.
Control Statement
Inspect the following systems or system components [Assignment (one or more): at random, at [Assignment: organization-defined frequency], upon [Assignment: organization-defined indications of need for inspection] ] to detect tampering: [Assignment: organization-defined systems or system components].
Supplemental Guidance
The inspection of systems or systems components for tamper resistance and detection addresses physical and logical tampering and is applied to systems and system components removed from organization-controlled areas. Indications of a need for inspection include changes in packaging, specifications, factory location, or entity in which the part is purchased, and when individuals return from travel to high-risk locations.