CM-7(9): Prohibiting The Use of Unauthorized Hardware
Control Family:
Parent Control:
Threats Addressed:
Baselines:
(Not part of any baseline)
Control is new to this version of the control set.
Control Statement
- Identify [Assignment: organization-defined hardware components authorized for system use];
- Prohibit the use or connection of unauthorized hardware components;
- Review and update the list of authorized hardware components [Assignment: organization-defined frequency].
Supplemental Guidance
Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the inventory of hardware components and controlling which hardware components are permitted to be installed or connected to organizational systems is essential in order to provide adequate security.