The organization defines a list of security-critical information system components and/or key information technology components for which it will obtain maintenance support and/or spare parts.
No STIG checks reference this CCI.