An ISCM capability that identifies unauthorized software on devices that is likely to be used by attackers as a platform from which to extend compromise of the network to be mitigated.
NISTIR 8011 Vol. 1
See Capability, Software Asset Management.
NISTIR 8011 Vol. 1 under Software Asset Management