CM-7(6): Confined Environments with Limited Privileges

Control Family:

Configuration Management

Parent Control:

CM-7: Least Functionality

CSF v1.1 References:

PR.IP-1
PR.PT-3

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Control is new to this version of the control set and incorporates the following control from the previous version: SI-7(11): Confined Environments With Limited Privileges.

Control Statement

Require that the following user-installed software execute in a confined physical or virtual machine environment with limited privileges: [Assignment: organization-defined user-installed software].

Supplemental Guidance

Organizations identify software that may be of concern regarding its origin or potential for containing malicious code. For this type of software, user installations occur in confined environments of operation to limit or contain damage from malicious code that may be executed.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5