Navigate

CCI-002563

CCI-002563 Definition

Control the use of organization-defined system components which have the potential to cause damage to the system if used maliciously.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - the use of [SC-43_ODP; the components for which usage restrictions and implementation guidance are to be established are defined] is authorized within the system. - the use of [SC-43_ODP; the components for which usage restrictions and implementation guidance are to be established are defined] is monitored within the system. - the use of [SC-43_ODP; the components for which usage restrictions and implementation guidance are to be established are defined] is controlled within the system.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; usage restrictions; procedures addressing usage restrictions; implementation policy and procedures; authorization records; system monitoring records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system]. Test: [SELECT FROM: Organizational processes for authorizing, monitoring, and controlling the use of components with usage restrictions; mechanisms supporting and/or implementing, authorizing, monitoring, and controlling the use of components with usage restrictions].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002563.

Control	Description
SC-43	a: Establish usage restrictions and implementation guidelines for the following system components: [the components for which usage restrictions and implementation guidance are to be established are defined;] ; and b: Authorize, monitor, and control the use of such components within the system.