Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system alerts [Assignment: organization-defined personnel or roles] when the unauthorized installation of software is detected.
NIST 800-53 (r4) Supplemental Guidance:
Related controls: CA-7, SI-4.
NIST 800-53 (r5) Discussion:
Withdrawn: Incorporated into CM-8(3).
38North Guidance:
Meets Minimum Requirement:
In the event of unauthorized software being detected, authorized personnel should be alerted and the incident handling process should be invoked.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
This control can be satisfied by implementing CM-8 (3) depending on the parameters selected for CM-8 (3) (b).
Assessment Evidence:
SIEM, Integrity monitoring tool configurations and alerts
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse