CCI-002628

Defines the unauthorized operating system commands that are to be detected through the kernel application programming interface on organization-defined system hardware components.

Implementation Guidance

The organization being inspected/assessed defines and documents the unauthorized operating system commands that are to be detected through the kernel application programming interface by organization-defined information system hardware components. DoD has determined the unauthorized operating system commands are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented unauthorized operating system commands to ensure the organization being inspected/assessed defines the unauthorized operating system commands that are to be detected through the kernel application programming interface by organization-defined information system hardware components. DoD has determined the unauthorized operating system commands are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated system security plan with reference to section pertaining to unauthorized operating system commands to ensure the organization being inspected/assessed defines the unauthorized operating system commands that are to be detected through the kernel application programming interface by organization-defined information system hardware components.

The controls below (if any) were marked by NIST as being related to CCI-002628.