STIGhub: A free STIG search and compliance tool · STIGs updated 3 days ago

CM-7 (4)

Configuration Management · Rev 5 · organization

Least Functionality

Control Statement

(a) Identify [Assignment: software programs];
(b) Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and
(c) Review and update the list of unauthorized software programs [Assignment: frequency].

Supplemental Guidance

Unauthorized software programs can be limited to specific versions or from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.

Related Controls (5)

CM-6, CM-8, CM-10, PL-9, PM-5

CCI Identifiers (7)

CCI-001765: Defines the software programs not authorized to execute on the system.
CCI-001766: Identify the organization-defined software programs not authorized to execute on the system.
CCI-001767: Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system.
CCI-001768: Defines the frequency on which the list of unauthorized software programs will be reviewed and updated.
CCI-001769 (deprecated): The organization defines the frequency on which it will update the list of unauthorized software programs.
CCI-001770: Review and update the list of unauthorized software programs per organization-defined frequency.
CCI-001771 (deprecated): The organization updates the list of unauthorized software programs per organization-defined frequency.

Linked STIG Checks (0)

No STIG checks reference this control.