Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the inventory of hardware components and controlling which hardware components are permitted to be installed or connected to organizational systems is essential to provide adequate security.
Check
Verify the operating system is configured to prohibit the use or connection of unauthorized hardware components.
If the operating system is using undocumented or unapproved hardware, this is a finding.
Fix
Configure the operating system to prohibit the use or connection of unauthorized hardware components. Remove any hardware that is not documented or not approved by the information system security officer (ISSO) or information system security manager (ISSM).