Navigate

SI-4(22)

SI-4(22): Unauthorized Network Services

(a): Detect network services that have not been authorized or approved by [authorization or approval processes for network services are defined;] ; and

(b): [one or more of "audit"/"alert {{ insert: param, si-04.22_odp.03 }} "] when detected.

Supplemental

Unauthorized or unapproved network services include services in service-oriented architectures that lack organizational verification or validation and may therefore be unreliable or serve as malicious rogues for valid services.

CIA Levels
Confidentiality	low
Integrity	low
Availability	low

Overlays
NC3

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4(22).

Control	Description
CM-7	a: Configure the system to provide only [mission-essential capabilities for the system are defined;] ; and b: Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: [one of ].

Enhancements

The controls below (if any) add on to the requirements of SI-4(22).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4(22).

CCI	Definition
CCI-002681	Defines the authorization or approval process for network services.
CCI-002682	Defines the personnel or roles to be alerted when unauthorized or unapproved network services are detected.
CCI-002683	Detect network services that have not been authorized or approved by the organization-defined authorization or approval processes.
CCI-002684	Audit and/or alert organization-defined personnel when unauthorized network services are detected.