← Back to catalog
CM-7(8)

Binary or Machine Executable Code

Configuration Management (CM)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Prohibit the use of binary or machine-executable code from sources with limited or no warranty or without the provision of source code; and Allow exceptions only for compelling mission or operational requirements and with the approval of the authorizing official.

Discussion

Binary or machine executable code applies to all sources of binary or machine-executable code, including commercial software and firmware and open-source software. Organizations assess software products without accompanying source code or from sources with limited or no warranty for potential security impacts. The assessments address the fact that software products without the provision of source code may be difficult to review, repair, or extend. In addition, there may be no owners to make such repairs on behalf of organizations. If open-source software is used, the assessments address the fact that there is no warranty, the open-source software could contain back doors or malware, and there may be no support available.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.