NIST 800-53 REV 5 • SUPPLY CHAIN RISK MANAGEMENT

SR-11 Component Authenticity

a. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and
b. Report counterfeit system components to {{ insert: param, sr-11_odp.01 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Sources of counterfeit components include manufacturers, developers, vendors, and contractors. Anti-counterfeiting policies and procedures support tamper resistance and provide a level of protection against the introduction of malicious code. External reporting organizations include CISA.

Practitioner Notes

Implement anti-counterfeit measures to detect and prevent the use of fake or unauthorized components in your systems. Counterfeit components may fail unexpectedly or contain hidden backdoors.

Example 1: Purchase IT equipment only from authorized distributors and resellers. Verify the authenticity of components using manufacturer verification tools (like Cisco's hardware serial number checker or HPE Part Surfer). Flag components with unverifiable serial numbers.

Example 2: For critical electronic components, use X-ray inspection or other physical testing to verify component markings match actual capabilities. Report suspected counterfeits to GIDEP (Government-Industry Data Exchange Program) or the manufacturer.