CM-8(3)—Information System Component Inventory

PBMM (P2)

Secret (P2)

Operational

>Control Description

INFORMATION SYSTEM COMPONENT INVENTORY | AUTOMATED UNAUTHORIZED COMPONENT DETECTION (a) The organization employs automated mechanisms ⚙organization-defined frequency to detect the presence of unauthorized hardware, software, and firmware components within the information system; and (b) The organization takes the following actions when unauthorized components are detected: [Selection (one or more): disables network access by such components; isolates the components; notifies ⚙organization-defined personnel or roles].

>Supplemental Guidance

This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices.

Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing. Related controls: AC-17, AC-18, AC-19, CA-7, SI-3, SI-4, SI-7, RA-5.

>Tailoring Guidance

This security control/enhancement can be met using readily available Commercial-Off-The-Shelf (COTS) components. Consequently, inclusion in a departmental profile is strongly encouraged in most cases.

Ask AI

Configure your API key to use AI features.