Establish, implement, and maintain an anti-counterfeit program for acquiring new systems.


CONTROL ID: 10641
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Acquire products or services., CC ID: 11450

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain an anti-counterfeit policy., CC ID: 11499
  • Establish, implement, and maintain anti-counterfeit procedures., CC ID: 11498


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Organizations must maintain and enforce a "No Tolerance" policy against knowingly and intentionally trafficking in counterfeit products. (Art 1, ASCDI/NATD Anti-Counterfeit Policy, Revision 1)
  • The organization shall establish and maintain a counterfeit parts control plan that documents the risk mitigation processes, disposition processes, and reporting processes. (§ 4.1, SAE AS 5553: Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition, Revision A)
  • The organization's executive management shall define and document an anti-counterfeit policy. (§ 4.1.1, SAE AS6081, Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation, and Disposition - Distributors)
  • The organization shall establish and maintain a fraudulent/counterfeit electronic parts control plan. (§ 4.2, SAE AS6081, Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation, and Disposition - Distributors)
  • The control plan requirements shall flow down to the organization's suppliers, contractors, and subcontractors. (§ 4.2, SAE AS6081, Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation, and Disposition - Distributors)
  • As part of the CSO's DoD PA assessment package, the CSP will provide a SCRM plan outlining their supply chain assessment/management and component authenticity process and measures taken such that they are not acquiring system components and software that are counterfeit, unreliable, or contain malic… (Section 5.18 ¶ 2, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • The organization must not knowingly procure counterfeit products. (§ 3.a, DoD Instruction 4140.67, DoD Counterfeit Prevention Policy)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., FedRAMP Security Controls High Baseline, Version 5)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., FedRAMP Security Controls Low Baseline, Version 5)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • The organization develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system. (SA-19a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • Develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system; and (SA-19a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and (SR-11a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Develops and implements anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the information system; and (SA-19a., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)