Tools and techniques may provide protections against unauthorized production, theft, tampering, insertion of counterfeits, insertion of malicious software or backdoors, and poor development practices throughout the system development life cycle.


  • This control applies to the Information Resource Owner or designee.


  • 1

    The Information Resource Owner or designee shall employ acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks.