CM-7(4): Unauthorized Software

Control Family:

Configuration Management

Parent Control:

CM-7: Least Functionality

CSF v1.1 References:

PR.IP-1
PR.PT-3

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
CM-7(4): Unauthorized Software / Blacklisting

Control Statement

Identify [Assignment: organization-defined software programs not authorized to execute on the system];
Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and
Review and update the list of unauthorized software programs [Assignment: organization-defined frequency].

Supplemental Guidance

Unauthorized software programs can be limited to specific versions or from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5