SR-9(1) Tamper Resistance and Detection | Multiple Stages of System Development Life Cycle

IL4 High
IL5
IL6

>Control Description

Employ anti-tamper technologies, tools, and techniques throughout the system development life cycle.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

The system development life cycle includes research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal. Organizations use a combination of hardware and software techniques for tamper resistance and detection. Organizations use obfuscation and self-checking to make reverse engineering and modifications more difficult, time-consuming, and expensive for adversaries.

The customization of systems and system components can make substitutions easier to detect and therefore limit damage.

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What supply chain risk management policies address SR-9(1)?
  • Who is responsible for managing supply chain risks?
  • How do you assess and monitor risks from suppliers, vendors, and contractors?

Technical Implementation:

  • What processes ensure that supply chain components meet security requirements?
  • How do you verify the authenticity and integrity of acquired components?
  • What controls prevent counterfeit or malicious components from entering your supply chain?
  • How do you track and verify the provenance of system components?

Evidence & Documentation:

  • Can you provide supply chain risk assessments?
  • What documentation demonstrates supplier compliance with security requirements?
  • Where do you maintain records of supplier assessments and component provenance?
  • Can you show component inventory and validation records?
