GRCWatch
Sign inStart free trial

NIST DE.CM-7: Unauthorized Asset Monitoring

Unauthorized assets pose significant security risks to your organization. DE.CM-7 requires continuous monitoring for unauthorized personnel, connections, devices, and software across your environment. This control is essential for maintaining asset inventory accuracy and preventing shadow IT vulnerabilities.

What this means

DE.CM-7 mandates that your organization actively monitors all network activity and systems to identify unauthorized elements before they cause damage. This includes detecting unauthorized users accessing systems, unauthorized network connections, unauthorized devices connecting to your network, and unauthorized software installed on managed assets. The goal is real-time visibility into what (and who) is actually operating within your IT environment.

How to comply

  1. 1.Deploy network monitoring tools to track all inbound and outbound connections
  2. 2.Implement endpoint detection and response (EDR) solutions to monitor device activity
  3. 3.Conduct regular asset discovery scans to identify unauthorized hardware
  4. 4.Monitor software installations and compare against approved application lists
  5. 5.Track user access logs and identify suspicious authentication patterns
  6. 6.Establish baseline network traffic profiles to detect anomalies
  7. 7.Document all monitoring procedures and retention policies
  8. 8.Review monitoring alerts daily and investigate unauthorized activities within SLAs

Evidence auditors look for

  • Network traffic logs showing blocked unauthorized connection attempts
  • EDR alert records documenting detection of unauthorized software
  • Asset inventory reports with timestamps of discovery scans
  • User access logs with flagged unauthorized login attempts
  • Network baseline documentation with deviation analysis
  • Incident response records for unauthorized device detections
  • Approved software whitelist compared against actual device inventories
  • Monthly monitoring dashboard reports highlighting unauthorized activity trends

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates unauthorized asset detection by correlating network logs, EDR data, and vulnerability scans in one dashboard, eliminating manual log review and accelerating your response to unauthorized connections.

See how GRCWatch handles this control automatically

Start free trial

Related controls

DE.CM-1 Network monitoringDE.CM-3 Personnel activity monitoringID.AM-1 Asset inventory and managementDE.CM-6 Maintenance activity monitoring