NIST 800-53 REV 5 • SUPPLY CHAIN RISK MANAGEMENT

SR-11(3) Anti-counterfeit Scanning

Scan for counterfeit system components [Assignment: organization-defined frequency].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

The type of component determines the type of scanning to be conducted (e.g., web application scanning if the component is a web application).

Practitioner Notes

Use automated scanning to detect counterfeit components based on component identifiers, firmware fingerprints, or known counterfeit databases.

Example 1: Use network device management tools to automatically inventory hardware serial numbers and firmware versions across your fleet. Compare against the manufacturer's database to verify authenticity. Flag any devices with serial numbers that do not match manufacturer records.

Example 2: For electronic components, use automated testing equipment that verifies component characteristics (timing, voltage, temperature response) against manufacturer specifications. Components that deviate from specs may be counterfeits that will fail prematurely or perform unexpectedly.
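The comparison described in Example 1, as an added sketch that is not part of the control text or any vendor's tooling. The inventory export, the manufacturer serial records, the firmware fingerprints (shortened placeholder hashes) and the finding names are all constructed assumptions; it also goes one step beyond the text by flagging a serial number that appears on more than one device in the fleet.

```python
import csv
import io
from collections import Counter

# Constructed fleet inventory, as a device management tool might export it.
INVENTORY_CSV = """hostname,model,serial,fw_version,fw_sha256
edge-sw-01,SW-2400,SN1000A1,4.2.1,aa11
edge-sw-02,SW-2400,SN1000A2,4.2.1,ffff
core-rt-01,RT-9000,SN2000B1,7.0.3,bb22
core-rt-02,RT-9000,SN9999ZZ,7.0.3,bb22
lab-sw-03,SW-2400,SN2000B1,4.2.1,aa11
"""
# Constructed stand-ins for manufacturer data: serial -> model, and
# (model, version) -> published firmware fingerprint (placeholder hashes).
VENDOR_SERIALS = {"SN1000A1": "SW-2400", "SN1000A2": "SW-2400", "SN2000B1": "RT-9000"}
VENDOR_FIRMWARE = {("SW-2400", "4.2.1"): "aa11", ("RT-9000", "7.0.3"): "bb22"}

def scan_inventory(inventory_csv, vendor_serials, vendor_firmware):
    """Return sorted (hostname, reason) findings for devices needing review."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    # Normalise serials once so case or whitespace differences do not hide clones.
    serial_counts = Counter(r["serial"].strip().upper() for r in rows)
    findings = []
    for r in rows:
        host, serial = r["hostname"], r["serial"].strip().upper()
        registered_model = vendor_serials.get(serial)
        if registered_model is None:
            findings.append((host, "serial_unknown_to_manufacturer"))
        elif registered_model != r["model"]:
            findings.append((host, "serial_registered_to_other_model"))
        # A genuine serial seen twice means at least one unit carries a copied label.
        if serial_counts[serial] > 1:
            findings.append((host, "serial_duplicated_in_fleet"))
        expected = vendor_firmware.get((r["model"], r["fw_version"]))
        if expected is None:
            findings.append((host, "firmware_version_not_published"))
        elif expected != r["fw_sha256"].lower():
            findings.append((host, "firmware_fingerprint_mismatch"))
    return sorted(findings)

if __name__ == "__main__":
    for host, reason in scan_inventory(INVENTORY_CSV, VENDOR_SERIALS, VENDOR_FIRMWARE):
        print(f"{host}: {reason}")
```

A finding marks a device for manual verification with the manufacturer or reseller; a serial mismatch can also come from an inventory typo or a refurbished unit.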