CM-10: Software Usage Restrictions

CSF v1.1 References:

Baselines:

  • Low
    • CM-10
  • Moderate
    • CM-10
  • High
    • CM-10

Next Version:

Control Statement

The organization:

  1. Uses software and associated documentation in accordance with contract agreements and copyright laws;
  2. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
  3. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

Supplemental Guidance

Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.

Control Enhancements

CM-10(1): Open Source Software

Baseline(s):

(Not part of any baseline)

The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].