SI-4(22): Unauthorized Network Services


  • High

Previous Version:

Control Statement

  1. Detect network services that have not been authorized or approved by [Assignment: organization-defined authorization or approval processes]; and
  2. [Assignment (one or more): Audit, Alert [Assignment: organization-defined personnel or roles] ] when detected.

Supplemental Guidance

Unauthorized or unapproved network services include services in service-oriented architectures that lack organizational verification or validation and may therefore be unreliable or serve as malicious rogues for valid services.