HOME

SI-4 (22)

SI-4 (22) H
Description

The information system detects network services that have not been authorized or approved by [Assignment: organization-defined authorization or approval processes] and [Selection (one or more): audits; alerts [Assignment: organization-defined personnel or roles]].

DISA Cloud Computing SRG

at a minimum, the ISSM or ISSO

at a minimum, the ISSM or ISSO

Source:
DoD RMF TAG

Supplemental Guidance

Unauthorized or unapproved network services include, for example, services in service-oriented architectures that lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services.

Related Controls