CCI-001811

The information system alerts organization-defined personnel or roles when the unauthorized installation of software is detected.

Implementation Guidance

The organization being inspected/assessed must configure the information system to alert ISSO and ISSM and others as the local organization deems appropriate when the unauthorized installation of software is detected. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1811. DoD has defined the personnel or roles that must be notified when unauthorized software is detected as the ISSO and ISSM and others as the local organization deems appropriate.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration of the automated mechanism or evidence that alerts are occurring when unauthorized software is installed to ensure the information system alerts the ISSO and ISSM and others as the local organization deems appropriate when the unauthorized installation of software is detected. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1811. DoD has defined the personnel or roles that must be notified when unauthorized software is detected as the ISSO and ISSM and others as the local organization deems appropriate.

Compelling Evidence

1.) Sampling of alerts to ensure the correct personnel are receiving them, including the ISSO and ISSM 2.) Applicable STIG/SRG checks

The controls below (if any) were marked by NIST as being related to CCI-001811.