FedRAMP Control Explorer

Controls

Access Control

Assessment, Authorization, and Monitoring

Audit and Accountability

Awareness and Training

Configuration Management

Contingency Planning

Identification and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Planning

Risk Assessment

Supply Chain Risk Management

System and Communications Protection

System and Information Integrity

System and Services Acquisition

SR-11 Component Authenticity

Control

Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and

Report counterfeit system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations] ; [Assignment: organization-defined personnel or roles] ].

Requirement:

CSOs must ensure that their supply chain vendors provide authenticity of software and patches and the vendor must have a plan to protect the development pipeline.

Discussion

Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.

FedRAMP-Defined Assignment / Selection Parameters

SR-11 (b) [Selection: source of counterfeit component, {{ insert: param, sr-11_odp.02 }} , {{ insert: param, sr-11_odp.03 }} ] -