Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >System And Information Integrity
  4. >SP800-53-SI-3(8)
SP800-53-SI-3(8)Active

Detect Unauthorized Commands

Statement

Detect the following unauthorized operating system commands through the kernel application programming interface on system hardware components: unauthorized operating system commands ; and one or more: issue a warning; audit the command execution; prevent the execution of the command.

Location

Control Family
System and Information Integrity

Control Details

Identifier
SP800-53-SI-3(8)
Family
SI
Parent Control
SP800-53-SI-3

Organisation-Defined Parameters

si-03.08_odp.01
unauthorized operating system commands
si-03.08_odp.02
system hardware components
si-03.08_odp.03
one or more: issue a warning; audit the command execution; prevent the execution of the command

Supplemental Guidance

Detecting unauthorized commands can be applied to critical interfaces other than kernel-based interfaces, including interfaces with virtual machines and privileged applications. Unauthorized operating system commands include commands for kernel functions from system processes that are not trusted to initiate such commands as well as commands for kernel functions that are suspicious even though commands of that type are reasonable for processes to initiate. Organizations can define the malicious commands to be detected by a combination of command types, command classes, or specific instances of commands. Organizations can also define hardware components by component type, component, component location in the network, or a combination thereof. Organizations may select different actions for different types, classes, or instances of malicious commands.

Assessment Objective

unauthorized operating system commands are detected through the kernel application programming interface on system hardware components; one or more: issue a warning; audit the command execution; prevent the execution of the command is/are performed.

No cross-framework mappings available

← Back to System and Information Integrity
System and Information Integrity119 controls
SP800-53-SI-1Policy and ProceduresSP800-53-SI-2Flaw RemediationSP800-53-SI-2(1)Central ManagementSP800-53-SI-2(2)Automated Flaw Remediation StatusSP800-53-SI-2(3)Time to Remediate Flaws and Benchmarks for Corrective ActionsSP800-53-SI-2(4)Automated Patch Management ToolsSP800-53-SI-2(5)Automatic Software and Firmware UpdatesSP800-53-SI-2(6)Removal of Previous Versions of Software and FirmwareSP800-53-SI-2(7)Root Cause AnalysisSP800-53-SI-3Malicious Code ProtectionSP800-53-SI-3(1)Central ManagementSP800-53-SI-3(2)Automatic UpdatesSP800-53-SI-3(3)Non-privileged UsersSP800-53-SI-3(4)Updates Only by Privileged UsersSP800-53-SI-3(5)Portable Storage DevicesSP800-53-SI-3(6)Testing and VerificationSP800-53-SI-3(7)Nonsignature-based DetectionSP800-53-SI-3(8)Detect Unauthorized CommandsSP800-53-SI-3(9)Authenticate Remote CommandsSP800-53-SI-3(10)Malicious Code AnalysisSP800-53-SI-4System MonitoringSP800-53-SI-4(1)System-wide Intrusion Detection SystemSP800-53-SI-4(2)Automated Tools and Mechanisms for Real-time AnalysisSP800-53-SI-4(3)Automated Tool and Mechanism IntegrationSP800-53-SI-4(4)Inbound and Outbound Communications TrafficSP800-53-SI-4(5)System-generated AlertsSP800-53-SI-4(6)Restrict Non-privileged UsersSP800-53-SI-4(7)Automated Response to Suspicious EventsSP800-53-SI-4(8)Protection of Monitoring InformationSP800-53-SI-4(9)Testing of Monitoring Tools and MechanismsSP800-53-SI-4(10)Visibility of Encrypted CommunicationsSP800-53-SI-4(11)Analyze Communications Traffic AnomaliesSP800-53-SI-4(12)Automated Organization-generated AlertsSP800-53-SI-4(13)Analyze Traffic and Event PatternsSP800-53-SI-4(14)Wireless Intrusion DetectionSP800-53-SI-4(15)Wireless to Wireline CommunicationsSP800-53-SI-4(16)Correlate Monitoring InformationSP800-53-SI-4(17)Integrated Situational AwarenessSP800-53-SI-4(18)Analyze Traffic and Covert ExfiltrationSP800-53-SI-4(19)Risk for IndividualsSP800-53-SI-4(20)Privileged UsersSP800-53-SI-4(21)Probationary PeriodsSP800-53-SI-4(22)Unauthorized Network ServicesSP800-53-SI-4(23)Host-based DevicesSP800-53-SI-4(24)Indicators of CompromiseSP800-53-SI-4(25)Optimize Network Traffic AnalysisSP800-53-SI-5Security Alerts, Advisories, and DirectivesSP800-53-SI-5(1)Automated Alerts and AdvisoriesSP800-53-SI-6Security and Privacy Function VerificationSP800-53-SI-6(1)Notification of Failed Security TestsSP800-53-SI-6(2)Automation Support for Distributed TestingSP800-53-SI-6(3)Report Verification ResultsSP800-53-SI-7Software, Firmware, and Information IntegritySP800-53-SI-7(1)Integrity ChecksSP800-53-SI-7(2)Automated Notifications of Integrity ViolationsSP800-53-SI-7(3)Centrally Managed Integrity ToolsSP800-53-SI-7(4)Tamper-evident PackagingSP800-53-SI-7(5)Automated Response to Integrity ViolationsSP800-53-SI-7(6)Cryptographic ProtectionSP800-53-SI-7(7)Integration of Detection and ResponseSP800-53-SI-7(8)Auditing Capability for Significant EventsSP800-53-SI-7(9)Verify Boot ProcessSP800-53-SI-7(10)Protection of Boot FirmwareSP800-53-SI-7(11)Confined Environments with Limited PrivilegesSP800-53-SI-7(12)Integrity VerificationSP800-53-SI-7(13)Code Execution in Protected EnvironmentsSP800-53-SI-7(14)Binary or Machine Executable CodeSP800-53-SI-7(15)Code AuthenticationSP800-53-SI-7(16)Time Limit on Process Execution Without SupervisionSP800-53-SI-7(17)Runtime Application Self-protectionSP800-53-SI-8Spam ProtectionSP800-53-SI-8(1)Central ManagementSP800-53-SI-8(2)Automatic UpdatesSP800-53-SI-8(3)Continuous Learning CapabilitySP800-53-SI-9Information Input RestrictionsSP800-53-SI-10Information Input ValidationSP800-53-SI-10(1)Manual Override CapabilitySP800-53-SI-10(2)Review and Resolve ErrorsSP800-53-SI-10(3)Predictable BehaviorSP800-53-SI-10(4)Timing InteractionsSP800-53-SI-10(5)Restrict Inputs to Trusted Sources and Approved FormatsSP800-53-SI-10(6)Injection PreventionSP800-53-SI-11Error HandlingSP800-53-SI-12Information Management and RetentionSP800-53-SI-12(1)Limit Personally Identifiable Information ElementsSP800-53-SI-12(2)Minimize Personally Identifiable Information in Testing, Training, and ResearchSP800-53-SI-12(3)Information DisposalSP800-53-SI-13Predictable Failure PreventionSP800-53-SI-13(1)Transferring Component ResponsibilitiesSP800-53-SI-13(2)Time Limit on Process Execution Without SupervisionSP800-53-SI-13(3)Manual Transfer Between ComponentsSP800-53-SI-13(4)Standby Component Installation and NotificationSP800-53-SI-13(5)Failover CapabilitySP800-53-SI-14Non-persistenceSP800-53-SI-14(1)Refresh from Trusted SourcesSP800-53-SI-14(2)Non-persistent InformationSP800-53-SI-14(3)Non-persistent ConnectivitySP800-53-SI-15Information Output FilteringSP800-53-SI-16Memory ProtectionSP800-53-SI-17Fail-safe ProceduresSP800-53-SI-18Personally Identifiable Information Quality OperationsSP800-53-SI-18(1)Automation SupportSP800-53-SI-18(2)Data TagsSP800-53-SI-18(3)CollectionSP800-53-SI-18(4)Individual RequestsSP800-53-SI-18(5)Notice of Correction or DeletionSP800-53-SI-19De-identificationSP800-53-SI-19(1)CollectionSP800-53-SI-19(2)ArchivingSP800-53-SI-19(3)ReleaseSP800-53-SI-19(4)Removal, Masking, Encryption, Hashing, or Replacement of Direct IdentifiersSP800-53-SI-19(5)Statistical Disclosure ControlSP800-53-SI-19(6)Differential PrivacySP800-53-SI-19(7)Validated Algorithms and SoftwareSP800-53-SI-19(8)Motivated IntruderSP800-53-SI-20TaintingSP800-53-SI-21Information RefreshSP800-53-SI-22Information DiversitySP800-53-SI-23Information Fragmentation