SR-10 Inspection of Systems or Components

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Inspect the following systems or system components [Selection (one or more): at random; at organization-defined frequency, upon organization-defined indications of need for inspection] to detect tampering: organization-defined systems or system components.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

The inspection of systems or systems components for tamper resistance and detection addresses physical and logical tampering and is applied to systems and system components removed from organization-controlled areas. Indications of a need for inspection include changes in packaging, specifications, factory location, or entity in which the part is purchased, and when individuals return from travel to high-risk locations.

>Programmatic Queries

Related Services

Amazon Inspector
AWS Systems Manager
AWS Config

CLI Commands

Enable Amazon Inspector scanning for EC2 instances, ECR container images, and Lambda functions:
    aws inspector2 enable --resource-types EC2 ECR LAMBDA

List Inspector findings, sorted by severity (highest first):
    aws inspector2 list-findings --sort-criteria '{"field":"SEVERITY","sortOrder":"DESC"}' --max-results 20

Run an SSM compliance scan association on instances once, immediately:
    aws ssm start-associations-once --association-ids ASSOCIATION_ID

Get instance patch compliance:
    aws ssm describe-instance-patch-states --instance-ids INSTANCE_ID

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What supply chain risk management policies address SR-10?
  • Who is responsible for managing supply chain risks?
  • How do you assess and monitor risks from suppliers, vendors, and contractors?

Technical Implementation:

  • What processes ensure that supply chain components meet security requirements?
  • How do you verify the authenticity and integrity of acquired components?
  • What controls prevent counterfeit or malicious components from entering your supply chain?
  • How do you track and verify the provenance of system components?

Evidence & Documentation:

  • Can you provide supply chain risk assessments?
  • What documentation demonstrates supplier compliance with security requirements?
  • Where do you maintain records of supplier assessments and component provenance?
  • Can you show component inventory and validation records?
