800-53|SI-4(22)

Title

UNAUTHORIZED NETWORK SERVICES

Description

The information system detects network services that have not been authorized or approved by [Assignment: organization-defined authorization or approval processes] and [Selection (one or more): audits; alerts [Assignment: organization-defined personnel or roles]].

Supplemental

Unauthorized or unapproved network services include, for example, services in service-oriented architectures that lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-6,CM-7,SA-5,SA-9

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
F5BI-AP-300018 - The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.	F5	DISA F5 BIG-IP TMOS ALG STIG v1r2
F5BI-AP-300068 - The F5 BIG-IP appliance providing content filtering must detect use of network services that have not been authorized or approved by the information system security manager (ISSM) and information system security officer (ISSO), at a minimum.	F5	DISA F5 BIG-IP TMOS ALG STIG v1r2
F5BI-AP-300069 - The F5 BIG-IP appliance providing content filtering must generate a log record when unauthorized network services are detected.	F5	DISA F5 BIG-IP TMOS ALG STIG v1r2
PANW-AG-000112 - The Palo Alto Networks security platform must detect use of network services that have not been authorized or approved by the ISSM and ISSO, at a minimum.	Palo_Alto	DISA Palo Alto Networks ALG STIG v3r4
PANW-AG-000113 - The Palo Alto Networks security platform must generate a log record when unauthorized network services are detected.	Palo_Alto	DISA Palo Alto Networks ALG STIG v3r4
PANW-AG-000114 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when unauthorized network services are detected.	Palo_Alto	DISA Palo Alto Networks ALG STIG v3r4
PANW-IP-000046 - The Palo Alto Networks security platform must detect use of network services that have not been authorized or approved by the ISSM and ISSO, at a minimum.	Palo_Alto	DISA Palo Alto Networks IDPS STIG v3r2
PANW-IP-000047 - The Palo Alto Networks security platform must generate a log record when unauthorized network services are detected.	Palo_Alto	DISA Palo Alto Networks IDPS STIG v3r2
PANW-IP-000048 - The Palo Alto Networks security platform must generate an alert to the ISSO and ISSM, at a minimum, when unauthorized network services are detected.	Palo_Alto	DISA Palo Alto Networks IDPS STIG v3r2
SYMP-AG-000610 - Symantec ProxySG providing content filtering must detect use of network services that have not been authorized or approved by the ISSM and ISSO, at a minimum.	BlueCoat	DISA Symantec ProxySG Benchmark ALG v1r3
SYMP-AG-000620 - Symantec ProxySG providing content filtering must generate a log record when access attempts to unauthorized websites and/or services are detected.	BlueCoat	DISA Symantec ProxySG Benchmark ALG v1r3
SYMP-AG-000630 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when access attempts to unauthorized websites and/or services are detected.	BlueCoat	DISA Symantec ProxySG Benchmark ALG v1r3

Detections

Analytics