myctrl.tools
Compare

SR-11(3)Anti-Counterfeit Scanning

>Control Description

Scan for counterfeit system components organization-defined frequency.

>Cross-Framework Mappings

SCF

TDA-11
Compare

>Supplemental Guidance

The type of component determines the type of scanning to be conducted (e.g., web application scanning if the component is a web application).

>Related Controls

RA-5

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What supply chain risk management policies address SR-11(3)?
  • Who is responsible for managing supply chain risks?
  • How do you assess and monitor risks from suppliers, vendors, and contractors?

Technical Implementation:

  • What processes ensure that supply chain components meet security requirements?
  • How do you verify the authenticity and integrity of acquired components?
  • What controls prevent counterfeit or malicious components from entering your supply chain?
  • How do you track and verify the provenance of system components?
  • What anti-counterfeit measures are in place?

Evidence & Documentation:

  • Can you provide supply chain risk assessments?
  • What documentation demonstrates supplier compliance with security requirements?
  • Where do you maintain records of supplier assessments and component provenance?
  • Can you show component inventory and validation records?

Ask AI

Configure your API key to use AI features.