The network device must generate an alert that will then be sent to the ISSO, ISSM, and other designated personnel (deemed appropriate by the local organization) when the unauthorized installation of software is detected.

From Network Device Management Security Requirements Guide

Associated with: CCI-001811

SV-69483r2_rule The network device must generate an alert that will then be sent to the ISSO, ISSM, and other designated personnel (deemed appropriate by the local organization) when the unauthorized installation of software is detected.

Vulnerability discussion

Unauthorized software not only increases risk by increasing the number of potential vulnerabilities, it also can contain malicious code. Sending an alert (in real time) when unauthorized software is detected allows designated personnel to take action on the installation of unauthorized software. Note that while the device must generate the alert, the notification may be done by a management server.

Check content

Determine if the network device generates an alert when the unauthorized installation of software is detected. This requirement may be verified by demonstration or configuration review. The management/audit server that the network device sends alerts to would typically perform the function of sending these alerts to specific individuals. If the network device does not generate an alert when the unauthorized installation of software is detected, this is a finding.

Fix text

Configure the network device to generate an alert when the unauthorized installation of software is detected.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.