Show/Hide Toolbars

ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Navigation: SI-FAMILY: SYSTEM AND INFORMATION INTEGRITY

SI-4(22) INFORMATION SYSTEM MONITORING  |  UNAUTHORIZED NETWORK SERVICES
Scroll Prev Top Next More

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

 

 

 

 

 

 

 

 

 

 

 

 

###

si-4(22)

information system monitoring  | unauthorized network services

 

assessment objective:

Determine if:

si-4(22)[1]

the organization defines authorization or approval processes for network services;

si-4(22)[2]

the organization defines personnel or roles to be alerted upon detection of network services that have not been authorized or approved by organization-defined authorization or approval processes;

si-4(22)[3]

the information system detects network services that have not been authorized or approved by organization-defined authorization or approval processes and does one or more of the following:

si-4(22)[3][a]

audits; and/or

si-4(22)[3][b]

alerts organization-defined personnel or roles.

potential assessment methods and objects:

Examine: [select from: System and information integrity policy; procedures addressing information system monitoring tools and techniques; information system design documentation; information system monitoring tools and techniques documentation; information system configuration settings and associated documentation; documented authorization/approval of network services; notifications or alerts of unauthorized network services; information system monitoring logs or records; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel installing, configuring, and/or maintaining the information system; organizational personnel with responsibility for monitoring the information system].

Test: [select from: Organizational processes for information system monitoring; automated mechanisms supporting and/or implementing system monitoring capability; automated mechanisms for auditing network services; automated mechanisms for providing alerts].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056