SR - Supply Chain Risk Management
- Controls Count: 2
- Controls IDs: SR-9, SR-9 (1)
Controls
SR-9: Tamper Resistance and Detection
Implement a tamper protection program for the system, system component, or system service.
Anti-tamper technologies, tools, and techniques provide a level of protection for systems, system components, and services against many threats, including reverse engineering, modification, and substitution. Strong identification combined with tamper resistance and/or tamper detection is essential to protecting systems and components during distribution and when in use.
A tamper protection program is implemented for the system, system component, or system service.
Supply chain risk management policy and procedures; supply chain risk management plan; system and services acquisition policy; procedures addressing supply chain protection; procedures addressing tamper resistance and detection; tamper protection program documentation; tamper protection tools and techniques documentation; tamper resistance and detection tools and techniques documentation; acquisition documentation; service level agreements; acquisition contracts for the system, system component, or system service; system security plan; other relevant documents or records.
Organizational personnel with tamper protection program responsibilities; organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities.
Organizational processes for the implementation of the tamper protection program; mechanisms supporting and/or implementing the tamper protection program.
SR-9 (1): Multiple Stages of System Development Life Cycle
Employ anti-tamper technologies, tools, and techniques throughout the system development life cycle.
The system development life cycle includes research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal. Organizations use a combination of hardware and software techniques for tamper resistance and detection. Organizations use obfuscation and self-checking to make reverse engineering and modifications more difficult, time-consuming, and expensive for adversaries. The customization of systems and system components can make substitutions easier to detect and therefore limit damage.
Anti-tamper technologies, tools, and techniques are employed throughout the system development life cycle.
Supply chain risk management policy and procedures; supply chain risk management plan; system and services acquisition policy; procedures addressing tamper resistance and detection; tamper protection program documentation; tamper protection tools and techniques documentation; tamper resistance and detection tools (technologies) and techniques documentation; system development life cycle documentation; procedures addressing supply chain protection; system development life cycle procedures; acquisition documentation; service level agreements; acquisition contracts for the system, system component, or system service; inter-organizational agreements and procedures; system security plan; other relevant documents or records.
Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities; organizational personnel with SDLC responsibilities.
Organizational processes for employing anti-tamper technologies; mechanisms supporting and/or implementing anti-tamper technologies.