CCI-001783

The organization defines the personnel or roles to be notified when unauthorized hardware, software, and firmware components are detected within the information system.

Implementation Guidance

The organization being inspected/assessed defines and documents any personnel or roles, in addition to the ISSO or ISSM, to be notified when unauthorized hardware, software, and firmware components are detected within the information system. If there are no additional personnel or roles, the organization must also document that. DoD has defined the personnel or roles as the ISSO and ISSM and others as the local organization deems appropriate.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of personnel or roles to be notified when unauthorized hardware, software, and firmware components are detected within the information system to ensure the organization being inspected/assessed has either defined additional personnel or roles, or identified that there are no additional personnel or roles. DoD has defined the personnel or roles as the ISSO and ISSM and others as the local organization deems appropriate.

Compelling Evidence

1.) List of personnel to be notified when unauthorized hardware, software, and firmware components are detected

The controls below (if any) were marked by NIST as being related to CCI-001783.