SR-11: Component Authenticity

CSF v2.0 References:

Threats Addressed:

Baselines:

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: SA-19: Component Authenticity.

Control Statement

  1. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and
  2. Report counterfeit system components to [Assignment (one or more): source of counterfeit component, [Assignment: organization-defined external reporting organizations] , [Assignment: organization-defined personnel or roles] ].

Supplemental Guidance

Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.

Control Enhancements

SR-11(1): Anti-counterfeit Training

Baseline(s):

  • Low
  • Moderate
  • High

Train [Assignment: organization-defined personnel or roles] to detect counterfeit system components (including hardware, software, and firmware).