NIST 800-53 REV 5 • SUPPLY CHAIN RISK MANAGEMENT

SR-9Tamper Resistance and Detection

Implement a tamper protection program for the system, system component, or system service.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Anti-tamper technologies, tools, and techniques provide a level of protection for systems, system components, and services against many threats, including reverse engineering, modification, and substitution. Strong identification combined with tamper resistance and/or tamper detection is essential to protecting systems and components during distribution and when in use.

Practitioner Notes

Use tamper resistance and tamper detection mechanisms for critical system components to prevent and detect unauthorized physical modification.

Example 1: Purchase servers and network equipment with tamper-evident chassis intrusion detection. When the server case is opened, a sensor records the event in the firmware log. Review these logs during receiving and during periodic physical security inspections.

Example 2: Use tamper-evident seals on critical equipment during shipping and storage. Photograph the seals at departure and verify them at arrival. Broken or replaced seals indicate potential tampering and require investigation before the equipment is deployed.

More Supply Chain Risk Management Controls

SR-1 Policy and Procedures SR-2 Supply Chain Risk Management Plan SR-2(1) Establish SCRM Team SR-3 Supply Chain Controls and Processes