Navigate

CCI-003961

CCI-003961 Definition

Defines the frequency the hardware components are reviewed and updated.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if the list of authorized hardware components is reviewed and updated [CM-07(09)_ODP[02]; frequency at which to review and update the list of authorized hardware components is defined].

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; network connection policy and procedures; configuration management plan; system security plan; system design documentation; system component inventory; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system hardware management responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational process for approving execution of binary or machine-executable code; mechanisms supporting and/or implementing the prohibition of binary or machine-executable code].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003961.

Control	Description
CM-7(9)	(a): Identify [hardware components authorized for system use are defined;]; (b): Prohibit the use or connection of unauthorized hardware components; (c): Review and update the list of authorized hardware components [frequency at which to review and update the list of authorized hardware components is defined;].