(a) Detect network services that have not been authorized or approved by [Assignment: organization-defined authorization or approval processes]; and
(b) [Selection (one or more): Audit; Alert [Assignment: organization-defined personnel or roles]] when detected.
|
|
| Control Identifier | SI-4(22) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Unauthorized or unapproved network services include services in service-oriented architectures that lack organizational verification or validation and may therefore be unreliable or serve as malicious rogues for valid services. |
| Related Controls | CM-7. |