An ISCM capability that identifies unauthorized software on devices that is likely to be used by attackers as a platform from which to extend compromise of the network to be mitigated.

Source: NISTIR 8011 Vol. 1 | Category: