UCF STIG Viewer Logo



Number Title Impact Priority Subject Area
SA-19 Component Authenticity P0 System And Services Acquisition

The organization:
Develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system; and
Reports counterfeit information system components to Selection (one or more): source of counterfeit component; Assignment: organization-defined external reporting organizations; Assignment: organization-defined personnel or roles.
Sources of counterfeit components include, for example, manufacturers, developers, vendors, and contractors. Anti-counterfeiting policy and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include, for example, US-CERT.

SA-19 (1) Anti-Counterfeit Training

The organization trains Assignment: organization-defined personnel or roles to detect counterfeit information system components (including hardware, software, and firmware).

SA-19 (2) Configuration Control For Component Service / Repair

The organization maintains configuration control over Assignment: organization-defined information system components awaiting service/repair and serviced/repaired components awaiting return to service.

SA-19 (3) Component Disposal
Proper disposal of information system components helps to prevent such components from entering the gray market.

The organization disposes of information system components using Assignment: organization-defined techniques and methods.

SA-19 (4) Anti-Counterfeit Scanning

The organization scans for counterfeit information system components Assignment: organization-defined frequency.