NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
CM-1
CM-2
CM-11(1)
CM-2(2)
CM-2(3)
CM-2(1)
CM-2(4)
CM-2(6)
CM-2(7)
CM-3
CM-3(1)
CM-3(2)
CM-3(3)
CM-3(4)
CM-3(5)
CM-3(6)
CM-3(7)
CM-3(8)
CM-4
CM-4(1)
CM-4(2)
CM-5
CM-5(1)
CM-2(5)
CM-5(2)
CM-5(4)
CM-5(5)
CM-5(6)
CM-5(3)
CM-6
CM-6(1)
CM-6(2)
CM-5(7)
CM-6(3)
CM-7
CM-7(1)
CM-7(2)
CM-7(3)
CM-7(4)
CM-7(5)
CM-7(6)
CM-7(7)
CM-7(8)
CM-7(9)
CM-8
CM-8(1)
CM-8(2)
CM-8(3)
CM-8(4)
CM-6(4)
CM-8(6)
CM-8(7)
CM-8(8)
CM-8(9)
CM-9
CM-9(1)
CM-10
CM-10(1)
CM-11
CM-8(5)
CM-11(2)
CM-11(3)
CM-12
CM-12(1)
CM-13
CM-14

CM-7(4): Least Functionality | Unauthorized Software — Deny-by-exception

Control Text:

(a) Identify [Assignment: organization-defined software programs not authorized to execute on the system]; (b) Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and (c) Review and update the list of unauthorized software programs [Assignment: organization-defined frequency].

Unauthorized software programs can be limited to specific versions or from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.

Related Controls