>myctrl.tools
GitHub

SR-11Component Authenticity

LOW
MODERATE
HIGH

>Control Description

a. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and b. Report counterfeit system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations]; [Assignment: organization-defined personnel or roles]].

>Supplemental Guidance

Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.

>Related Controls

PE-3
SA-4
SI-7
SR-9
SR-10

>Control Enhancements

SR-11(1)
SR-11(2)
SR-11(3)