← Back to catalog
CM-7(4)

Unauthorized Software — Deny-by-exception

Configuration Management (CM)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Identify [assignment]; Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and Review and update the list of unauthorized software programs [assignment].

Discussion

Unauthorized software programs can be limited to specific versions or from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.

Implementation guidance

No content available.

CSF 2.0 crosswalk
PR.PS-05Installation and execution of unauthorized software are preventedProtect