SR-11 Component Authenticity
Control
a. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and
b. Report counterfeit system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations]; [Assignment: organization-defined personnel or roles]].
Requirement:
CSOs must ensure that their supply chain vendors provide authenticity of software and patches and the vendor must have a plan to protect the development pipeline.
Discussion
Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.
FedRAMP-Defined Assignment / Selection Parameters
- SR-11 (b) [Selection: source of counterfeit component, {{ insert: param, sr-11_odp.02 }}, {{ insert: param, sr-11_odp.03 }}]