CM-11(3): Automated Enforcement and Monitoring

Control Family:

Configuration Management

Parent Control:

CM-11: User-installed Software

CSF v1.1 References:

DE.CM-3

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Enforce and monitor compliance with software installation policies using [Assignment: organization-defined automated mechanisms].

Supplemental Guidance

Organizations enforce and monitor compliance with software installation policies using automated mechanisms to more quickly detect and respond to unauthorized software installation which can be an indicator of an internal or external hostile attack.