RA-5(7) — Automated Detection and Notification of Unauthorized Components

This enhancement uses automated tools to detect unauthorized hardware, software, or services on your network and alert you immediately. Rogue devices and unapproved software are common attack vectors.

Example 1: Deploy a Network Access Control (NAC) solution like Cisco ISE or Forescout that automatically detects devices connecting to your network and quarantines any device not in your approved inventory. Alert your security team when an unauthorized device is detected.

Example 2: In Microsoft Defender for Endpoint, enable Device Discovery to find unmanaged devices on your network. Configure alerts for new devices that appear and are not enrolled in management. Use Intune's compliance policies to block non-compliant devices from accessing corporate resources.