NIST 800-53 REV 5 • SUPPLY CHAIN RISK MANAGEMENT

SR-11(2)Configuration Control for Component Service and Repair

Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: {{ insert: param, sr-11.02_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

None.

Practitioner Notes

Maintain configuration control when components are sent for service or repair to prevent unauthorized modifications or component substitution.

Example 1: Before sending equipment for repair, record the serial numbers, firmware versions, and component configuration. When the equipment returns, verify all serial numbers match and the firmware version has not changed unexpectedly. Any discrepancy requires investigation.

Example 2: Use only authorized service providers for critical equipment repairs. Include clauses in service contracts that prohibit component substitution without written approval. Require service reports documenting any parts replaced, with old part serial numbers and new part serial numbers.

More Supply Chain Risk Management Controls

SR-1 Policy and Procedures SR-2 Supply Chain Risk Management Plan SR-2(1) Establish SCRM Team SR-3 Supply Chain Controls and Processes