NIST 800-53 REV 5 • SUPPLY CHAIN RISK MANAGEMENT

SR-11(1)Anti-counterfeit Training

Train {{ insert: param, sr-11.01_odp }} to detect counterfeit system components (including hardware, software, and firmware).

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

None.

Practitioner Notes

Train your staff to recognize counterfeit components — procurement, receiving, and IT personnel should know what to look for.

Example 1: Provide annual training to procurement and receiving staff on counterfeit detection. Cover topics like checking packaging quality, verifying serial number formats, identifying suspiciously low prices, and using vendor authenticity verification tools.

Example 2: Include counterfeit awareness in your IT security awareness training. Teach IT staff to verify firmware versions, check digital signatures, and report any equipment that behaves unexpectedly or does not match specifications — these could be signs of counterfeit components.

More Supply Chain Risk Management Controls

SR-1 Policy and Procedures SR-2 Supply Chain Risk Management Plan SR-2(1) Establish SCRM Team SR-3 Supply Chain Controls and Processes