SI-7(13): Code Execution In Protected Environments

Control Family:

System And Information Integrity

Parent Control:

SI-7: Software, Firmware, And Information Integrity

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.DS-6
PR.DS-8

Threats Addressed:

Tampering
Elevation of Privilege

Baselines:

(Not part of any baseline)

Control is withdrawn in the next version of this control set and incorporated into: CM-7(7): Code Execution in Protected Environments.

Control Statement

The organization allows execution of binary or machine-executable code obtained from sources with limited or no warranty and without the provision of source code only in confined physical or virtual machine environments and with the explicit approval of [Assignment: organization-defined personnel or roles].

Supplemental Guidance

This control enhancement applies to all sources of binary or machine-executable code including, for example, commercial software/firmware and open source software.