CM-07(04) Unauthorized Software — Deny-by-exception
(a) Identify cm-07.04_odp.01;
(b) Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and
(c) Review and update the list of unauthorized software programs cm-07.04_odp.02.
| Parameter ID | Definition |
|---|---|
| cm-07.04_odp.01 | software programs |
| cm-07.04_odp.02 | frequency |
Baselines
- L
- M
- H
- P
Guidance
Unauthorized software programs can be limited to specific versions or from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.
Related controls 5
- CM-06 Configuration Settings L M H P
- CM-08 System Component Inventory L M H P
- CM-10 Software Usage Restrictions L M H P
- PL-09 Central Management L M H P
- PM-05 System Inventory L M H P