Tools and techniques may provide protections against unauthorized production, theft, tampering, insertion of counterfeits, insertion of malicious software or backdoors, and poor development practices throughout the system development life cycle.

• This control applies to the Information Resource Owner or designee.

• 1

  The Information Resource Owner or designee shall employ acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks.