STIGhub: a free STIG search and compliance tool. © 2026 Beacon Cloud Solutions, Inc.

CM-11

Configuration Management · Rev 5 · organization

User-Installed Software

Baselines: Low, Moderate, High

Control Statement

a. Establish [Assignment: policies] governing the installation of software by users;
b. Enforce software installation policies through the following methods: [Assignment: methods]; and
c. Monitor policy compliance [Assignment: frequency].

Supplemental Guidance

If provided the necessary privileges, users can install software in organizational systems. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation. Permitted software installations include updates and security patches to existing software and downloading new applications from organization-approved "app stores." Prohibited software installations include software with unknown or suspect pedigrees or software that organizations consider potentially malicious. Policies selected for governing user-installed software are organization-developed or provided by some external entity. Policy enforcement methods can include procedural methods and automated methods.

Related Controls (11)

AC-3, AU-6, CM-2, CM-3, CM-5, CM-6, CM-7, CM-8, PL-4, SI-4, SI-7

CCI Identifiers (6)

CCI-001809: Monitor software installation policy compliance per an organization-defined frequency.
CCI-001804: Defines the policies for governing the installation of software by users.
CCI-001805: Establish organization-defined policies governing the installation of software by users.
CCI-001806: Defines methods to be employed to enforce the software installation policies.
CCI-001807: Enforce software installation policies through organization-defined methods.
CCI-001808: Defines the frequency on which it will monitor software installation policy compliance.

Linked STIG Checks (10)

Across 4 STIGs.