SI-4(22)—Unauthorized Network Services
HIGH
>Control Description
a. Detect network services that have not been authorized or approved by [Assignment: organization-defined authorization or approval processes]; and b. [Selection (one or more): Audit; Alert [Assignment: organization-defined personnel or roles]] when detected.
>Supplemental Guidance
Unauthorized or unapproved network services include services in service-oriented architectures that lack organizational verification or validation and may therefore be unreliable or serve as malicious rogues for valid services.