The organization must employ automated mechanisms, per organization-defined frequency, to detect the addition of unauthorized components/devices into the information system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-26964	SRG-APP-NA	SV-34249r1_rule		Medium

Description
Information deemed to be necessary by the organization to achieve effective property accountability can include: hardware inventory specifications (manufacturer, type, model, serial number, physical location), software license information, information system/component owner, and for a networked component/device, the machine name and network address. This is not an application requirement. This requirement is regarding information system component inventory. The purpose is to require organizations to employ an automated mechanism to inventory and detect when new devices and components are installed into information systems.

Description

Information deemed to be necessary by the organization to achieve effective property accountability can include: hardware inventory specifications (manufacturer, type, model, serial number, physical location), software license information, information system/component owner, and for a networked component/device, the machine name and network address. This is not an application requirement. This requirement is regarding information system component inventory. The purpose is to require organizations to employ an automated mechanism to inventory and detect when new devices and components are installed into information systems.

STIG	Date
Application Security Requirements Guide	2011-12-28

Details

Check Text ( None )
None

Fix Text (None)
None