Navigate

CCI-001783

CCI-001783 Definition

Defines the personnel or roles to be notified when unauthorized hardware, software, and firmware components are detected within the system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - [CM-08(03)_ODP[05]; one or more of the following PARAMETER VALUES is/are selected: {disable network access by unauthorized components; isolate unauthorized components; notify [CM-08(03)_ODP[06]; personnel or roles to be notified when unauthorized components are detected is/are defined (if selected)]}] are taken when unauthorized hardware is detected. - [CM-08(03)_ODP[05]; one or more of the following PARAMETER VALUES is/are selected: {disable network access by unauthorized components; isolate unauthorized components; notify [CM-08(03)_ODP[06]; personnel or roles to be notified when unauthorized components are detected is/are defined (if selected)]}] are taken when unauthorized software is detected. - [CM-08(03)_ODP[05]; one or more of the following PARAMETER VALUES is/are selected: {disable network access by unauthorized components; isolate unauthorized components; notify [CM-08(03)_ODP[06]; personnel or roles to be notified when unauthorized components are detected is/are defined (if selected)]}] are taken when unauthorized software is detected.

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing system component inventory; configuration management plan; system design documentation; system security plan; system component inventory; change control records; alerts/notifications of unauthorized components within the system; system monitoring records; system maintenance records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with component inventory management responsibilities; organizational personnel with responsibilities for managing the automated mechanisms implementing unauthorized system component detection; organizational personnel with information security responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Organizational processes for detection of unauthorized system components; organizational processes for taking action when unauthorized system components are detected; automated mechanisms supporting and/or implementing the detection of unauthorized system components; automated mechanisms supporting and/or implementing actions taken when unauthorized system components are detected].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001783.

Control	Description
CM-8(3)	(a): Detect the presence of unauthorized hardware, software, and firmware components within the system using [one of ] [frequency at which automated mechanisms are used to detect the presence of unauthorized system components within the system is defined;] ; and (b): Take the following actions when unauthorized components are detected: [one or more of "disable network access by unauthorized components"/"isolate unauthorized components"/"notify {{ insert: param, cm-08.03_odp.06 }} "].

Control

Description

CM-8(3)

(a): Detect the presence of unauthorized hardware, software, and firmware components within the system using [one of ] [frequency at which automated mechanisms are used to detect the presence of unauthorized system components within the system is defined;] ; and

(b): Take the following actions when unauthorized components are detected: [one or more of "disable network access by unauthorized components"/"isolate unauthorized components"/"notify {{ insert: param, cm-08.03_odp.06 }} "].