SR-11(2) Component Authenticity | Configuration Control for Component Service and Repair

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: organization-defined system components.

>DoD Impact Level Requirements

FedRAMP Parameter Values

SR-11 (2) [all]

>Discussion

None.

>Programmatic Queries

Related Services

AWS Systems Manager
AWS Config
AWS Service Catalog

CLI Commands

Get compliance status for configuration baselines
aws ssm describe-document --name AWS-Hardening-Baseline --output json
List config rules for component authenticity
aws configservice describe-config-rules --query 'ConfigRules[?contains(ConfigRuleName, `component-authenticity`)]'
Get config remediation actions
aws configservice describe-remediation-configurations --config-rule-names <config-rule-name> --query 'RemediationConfigurations[*].[ConfigRuleName,TargetType]'
Track component service history
aws ssm describe-maintenance-windows --query 'WindowIdentities[?contains(Name, `component-maintenance`)]'

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What supply chain risk management policies address SR-11(2)?
  • Who is responsible for managing supply chain risks?
  • How do you assess and monitor risks from suppliers, vendors, and contractors?

Technical Implementation:

  • What processes ensure that supply chain components meet security requirements?
  • How do you verify the authenticity and integrity of acquired components?
  • What controls prevent counterfeit or malicious components from entering your supply chain?
  • How do you track and verify the provenance of system components?

Evidence & Documentation:

  • Can you provide supply chain risk assessments?
  • What documentation demonstrates supplier compliance with security requirements?
  • Where do you maintain records of supplier assessments and component provenance?
  • Can you show component inventory and validation records?
