Navigate

CCI-000416

CCI-000416 Definition

Detect the presence of unauthorized hardware, software, and firmware components within the system using organization-defined automated mechanisms, on an organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - the presence of unauthorized hardware within the system is detected using [CM-08(03)_ODP[01]; automated mechanisms used to detect the presence of unauthorized hardware within the system are defined] [CM-08(03)_ODP[04]; frequency at which automated mechanisms are used to detect the presence of unauthorized system components within the system is defined]. - the presence of unauthorized software within the system is detected using [CM-08(03)_ODP[02]; automated mechanisms used to detect the presence of unauthorized software within the system are defined] [CM-08(03)_ODP[04]; frequency at which automated mechanisms are used to detect the presence of unauthorized system components within the system is defined;]. - the presence of unauthorized firmware within the system is detected using [CM-08(03)_ODP[03]; automated mechanisms used to detect the presence of unauthorized firmware within the system are defined] [CM-08(03)_ODP[04]; frequency at which automated mechanisms are used to detect the presence of unauthorized system components within the system is defined].

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing system component inventory; configuration management plan; system design documentation; system security plan; system component inventory; change control records; alerts/notifications of unauthorized components within the system; system monitoring records; system maintenance records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with component inventory management responsibilities; organizational personnel with responsibilities for managing the automated mechanisms implementing unauthorized system component detection; organizational personnel with information security responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Organizational processes for detection of unauthorized system components; organizational processes for taking action when unauthorized system components are detected; automated mechanisms supporting and/or implementing the detection of unauthorized system components; automated mechanisms supporting and/or implementing actions taken when unauthorized system components are detected].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000416.

Control	Description
CM-8(3)	(a): Detect the presence of unauthorized hardware, software, and firmware components within the system using [one of ] [frequency at which automated mechanisms are used to detect the presence of unauthorized system components within the system is defined;] ; and (b): Take the following actions when unauthorized components are detected: [one or more of "disable network access by unauthorized components"/"isolate unauthorized components"/"notify {{ insert: param, cm-08.03_odp.06 }} "].

Control

Description

CM-8(3)

(a): Detect the presence of unauthorized hardware, software, and firmware components within the system using [one of ] [frequency at which automated mechanisms are used to detect the presence of unauthorized system components within the system is defined;] ; and

(b): Take the following actions when unauthorized components are detected: [one or more of "disable network access by unauthorized components"/"isolate unauthorized components"/"notify {{ insert: param, cm-08.03_odp.06 }} "].