PR.PS-05: Installation and execution of unauthorized software are prevented

Info icon.

Subcategory is new to this version of the framework.

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: When risk warrants it, restrict software execution to permitted products only or deny the execution of prohibited and unauthorized software

Ex2: Verify the source of new software and the software's integrity before installing it

Ex3: Configure platforms to use only approved DNS services that block access to known malicious domains

Ex4: Configure platforms to allow the installation of organization-approved software only