CM-10: Software Usage Restrictions

Control Family:

Configuration Management

CSF v1.1 References:

Baselines:

  • Low
    • CM-10
  • Moderate
    • CM-10
  • High
    • CM-10
  • Privacy

    N/A

Previous Version:

Control Statement

  1. Use software and associated documentation in accordance with contract agreements and copyright laws;
  2. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
  3. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

Supplemental Guidance

Software license tracking can be accomplished by manual or automated methods, depending on organizational needs. Examples of contract agreements include software license agreements and non-disclosure agreements.

Control Enhancements

CM-10(1): Open-source Software

Baseline(s):

(Not part of any baseline)

Establish the following restrictions on the use of open-source software: [Assignment: organization-defined restrictions].

Related Controls

NIST Special Publication 800-53 Revision 5

Critical Security Controls Version 8

Critical Security Controls Version 7.1