Component Authenticity
Supply Chain Risk Management
NIST Control Text
a. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and
b. Report counterfeit system components to [Selection (one or more): source of counterfeit component; [Assignment: organization-defined external reporting organizations]; [Assignment: organization-defined personnel or roles]].
NIST Discussion
Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.
SL5 Supplemental Guidance
Apply SP 800-161 Rev 1 guidance [3] for prevention of counterfeit components through use of qualified bidders lists (QBL) and qualified manufacturers lists (QML). While not available to private companies unless contracting for the government, the Trusted Foundry program could be useful for some components if government cooperation is available [27].