Unauthorized Software from NIST 800-53 v5 framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Access Control
Awareness and Training
Audit and Accountability
Assessment, Auithorization and Monitoring
Configuration Management
Contingency Planning
Identification and Authentication
Incident Response
Maintenance
Media Protection
Physical and Environmental Protection
Planning
Program Management
Personnel Security
Personally Identifiable Information Processing and Transparency
Risk Assessment
System and Services Acquisition
System and Communications Protection
System and Information Integrity
Supply Chain Risk Management

Unauthorized Software

CM-7(4): Unauthorized Software

(a) Identify [Assignment: organization-defined software programs not authorized to execute on the system];
(b) Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and
(c) Review and update the list of unauthorized software programs [Assignment: organization-defined frequency].

Description

Unauthorized software programs can be limited to specific versions or from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.