NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT
CM-7(9) — Prohibiting The Use of Unauthorized Hardware
Identify [Assignment: organization-defined hardware components authorized for system use]; Prohibit the use or connection of unauthorized hardware components; Review and update the list of authorized hardware components [Assignment: organization-defined frequency].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Hardware components provide the foundation for organizational systems and the platform for the execution of authorized software programs. Managing the inventory of hardware components and controlling which hardware components are permitted to be installed or connected to organizational systems is essential in order to provide adequate security.
Practitioner Notes
This enhancement extends least functionality to hardware — prohibiting unauthorized hardware components like USB devices, unauthorized network adapters, or rogue wireless access points.
Example 1: Use Group Policy to disable USB mass storage devices on all workstations, allowing only approved peripherals like keyboards and mice.
Example 2: Deploy wireless intrusion detection to identify unauthorized wireless access points connected to your network and physically locate them for removal.
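The three parts of the control statement (identify authorized hardware, prohibit the rest, review the list on a schedule) can be checked on a Linux host with a small audit script; this is an added example, not part of NIST's text or this page's original notes. The allowlist entries, review date, 90-day interval and the `lsusb` sample are constructed assumptions.

```python
import re
from datetime import date, timedelta

# Constructed allowlist (assumption): authorized USB vendor:product IDs.
AUTHORIZED = {
    "1d6b:0002": "USB 2.0 root hub",
    "046d:c31c": "keyboard",
    "046d:c077": "mouse",
}
LAST_REVIEWED = date(2024, 1, 15)     # constructed date of the last allowlist review
REVIEW_INTERVAL = timedelta(days=90)  # assumed organization-defined frequency

# Constructed sample in the line format printed by `lsusb`.
SAMPLE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 005: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Bus 001 Device 007: ID 0781:5567 SanDisk Corp. Cruzer Blade
this line is not lsusb output
"""

LINE_RE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-fA-F]{4}:[0-9a-fA-F]{4})\s*(.*)$"
)

def parse_lsusb(text):
    """Return (devices, unparsed_lines); unparsed lines are kept for review."""
    devices, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            bus, dev, usb_id, desc = m.groups()
            devices.append({"bus": bus, "device": dev,
                            "id": usb_id.lower(), "description": desc})
        elif line:
            unparsed.append(line)
    return devices, unparsed

def audit(text, authorized, last_reviewed, interval, today):
    """Flag devices not on the allowlist and an allowlist review that is overdue."""
    devices, unparsed = parse_lsusb(text)
    return {
        "unauthorized": [d for d in devices if d["id"] not in authorized],
        "unparsed": unparsed,
        "review_overdue": today - last_reviewed > interval,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_LSUSB, AUTHORIZED, LAST_REVIEWED, REVIEW_INTERVAL, date(2024, 6, 1)))
```

Vendor and product IDs are reported by the device itself, so this is an inventory check that supports the policy, not an enforcement mechanism on its own.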