>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-19Component Authenticity

Secret
Management

>Control Description

(A) The organization develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system. (B) The organization reports counterfeit information system components to [Selection (one or more): source of counterfeit component; organization-defined external reporting organizations; organization-defined personnel or roles].

>Supplemental Guidance

Sources of counterfeit components include, for example, manufacturers, developers, vendors, and contractors. Anti-counterfeiting policy and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include, for example, CERTS.

Related controls: PE-3, SA-12, SI-7

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis.

Ask AI

Configure your API key to use AI features.