CM-7(9): Prohibiting The Use of Unauthorized Hardware
(Not part of any baseline)
Control is new to this version of the control set.
- Identify [Assignment: organization-defined hardware components authorized for system use];
- Prohibit the use or connection of unauthorized hardware components;
- Review and update the list of authorized hardware components [Assignment: organization-defined frequency].
Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the inventory of hardware components and controlling which hardware components are permitted to be installed or connected to organizational systems is essential in order to provide adequate security.