SI-4(22)—System Monitoring | Unauthorized Network Services
IL4 High
IL5
IL6
>Control Description
(a) Detect network services that have not been authorized or approved by ⚙organization-defined authorization or approval processes; and
(b) [Selection (one or more): Audit; Alert ⚙organization-defined personnel or roles] when detected.
>DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
>Discussion
Unauthorized or unapproved network services include services in service-oriented architectures that lack organizational verification or validation and may therefore be unreliable or serve as malicious rogues for valid services.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern unauthorized network services?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- •What technical controls detect and respond to unauthorized network services issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
- •What anti-malware solutions are deployed and how are they configured?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-4(22) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
- •Can you show recent malware detection reports and response actions?
Ask AI
Configure your API key to use AI features.