CCI-001784

When unauthorized hardware, software, and firmware components are detected within the information system, the organization takes action to disable network access by such components, isolates the components, and/or notifies organization-defined personnel or roles.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to take action to disable network access by unauthorized software, hardware, and firmware components, isolate the components, and/or notify the ISSO and ISSM and others as the local organization deems appropriate. The organization must maintain an audit trail of actions taken upon detection of unauthorized software, hardware, and firmware components. DoD has defined the personnel or roles as the ISSO and ISSM and others as the local organization deems appropriate.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and audit trail for taking action upon detection of unauthorized components to ensure the organization being inspected/assessed takes action to disable network access by unauthorized software, hardware, and firmware components, isolate the components, and/or notify the ISSO and ISSM and others as the local organization deems appropriate. DoD has defined the personnel or roles as the ISSO and ISSM and others as the local organization deems appropriate.

Compelling Evidence

1.) Signed and dated continuous monitoring policy

The controls below (if any) were marked by NIST as being related to CCI-001784.