CCC-04: Unauthorized Software Installations

Control Family:

Change Control & Configuration Management

CSF v1.1 References:

ID.AM-2
PR.DS-3
PR.IP-3
PR.PT-3
DE.CM-1
DE.CM-4
DE.CM-5
DE.CM-7

PF v1.0 References:

PR.PO-P2
PR.DS-P3
PR.PT-P2

Threats Addressed:

Tampering
Elevation of Privilege

Control Statement

Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationally-owned or managed user end-point devices (e.g., issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4