CMMC Level 2
Control 3.14.7
Identify Unauthorized Use of Systems
CMMC-RP Certified Team
24+ Years Experience
CMMC-AB RPO #1449
Official Requirement
Identify unauthorized use of organizational information systems.
What This Means in Plain English
You must be able to detect when systems are being used in unauthorized ways. This includes unauthorized access attempts, unusual login patterns, prohibited activities, and policy violations.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Arctic Wolf SIEM with User and Entity Behavior Analytics (UEBA) detecting anomalous usage patterns
- CrowdStrike Falcon monitoring for unauthorized processes and suspicious endpoint behavior
- Microsoft Entra Identity Protection detecting risky sign-ins and compromised accounts
- Sophos XDR alerting on policy violations and unauthorized application usage
- Weekly security review analyzing trends in unauthorized use detection
Assessment Guidance
Assessors will verify that unauthorized use detection mechanisms are in place, review sample alerts for unauthorized use events, check that UEBA or behavioral analytics are deployed, and confirm that detected unauthorized use triggers investigation and response.
Common Implementation Gaps
- No behavioral analytics or anomaly detection
- No monitoring for unauthorized use beyond basic login failures
- Alerts for unauthorized use not investigated
- No baseline of normal behavior to compare against
- Unauthorized use detection limited to network layer only
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | SI-4 |
| PCI DSS | Req 10.6 - Review logs and security events |
Need Help Implementing 3.14.7?
Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
Schedule a Compliance Assessment Calculate your SPRS score