Status: Live
The organization will develop, disseminate, and review: 1) a process to examine received hardware for vulnerabilities that address purpose, scope, and compliance; and 2) procedures to facilitate implementing the process. [UCF ID 01899]
Supporting and supported controls
This control directly supports:
- • Acceptance of facilities, technology, and technology services [UCF Control ID 01144]
There are no supporting controls.
Authority documents complied with:
NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006, § 8-302.b; The Standard of Good Practice for Information Security, SM4.3.3, SM4.3.4, SD4.4.4(a), SD4.4.4(b)
US Federal Security Guidance
Hardware must be tested to ensure it is in good working order and does not disrupt the secure operation of the system when it is installed. [§ 8-302.b, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006]
General Guidance
All new hardware should be examined by appropriate staff to identify any security deficiencies. External assessments from trusted sources also should be used to determine any vulnerabilities. [SM4.3.3, SM4.3.4, SD4.4.4(a), SD4.4.4(b), The Standard of Good Practice for Information Security]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.