CM-7(9): Prohibiting The Use of Unauthorized Hardware

CSF v1.1 References:

CSF v2.0 References:

Threats Addressed:


(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

  1. Identify [Assignment: organization-defined hardware components authorized for system use];
  2. Prohibit the use or connection of unauthorized hardware components;
  3. Review and update the list of authorized hardware components [Assignment: organization-defined frequency].

Supplemental Guidance

Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the inventory of hardware components and controlling which hardware components are permitted to be installed or connected to organizational systems is essential in order to provide adequate security.