CM-7(7): Code Execution in Protected Environments

(Not part of any baseline)

This control is new to this version of the control set and incorporates the following item from the previous version: SI-7(13): Code Execution In Protected Environments.

Control Statement

Allow execution of binary or machine-executable code only in confined physical or virtual machine environments and with the explicit approval of [Assignment: organization-defined personnel or roles] when such code is:

  1. Obtained from sources with limited or no warranty; and/or
  2. Without the provision of source code.

Supplemental Guidance

Code execution in protected environments applies to all sources of binary or machine-executable code, including commercial software and firmware and open-source software.