  • Requirement

    1. Establish [Assignment: organization-defined policies] governing the installation of software by users;
    2. Enforce software installation policies through the following methods: [Assignment: organization-defined methods]; and
    3. Monitor policy compliance [Assignment: organization-defined frequency].
  • Discussion

    If provided the necessary privileges, users can install software in organizational systems. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation. Permitted software installations include updates and security patches to existing software and downloading new applications from organization-approved app stores. Prohibited software installations include software with unknown or suspect pedigrees or software that organizations consider potentially malicious. Policies selected for governing user-installed software are organization-developed or provided by some external entity. Policy enforcement methods can include procedural methods and automated methods.

More Info

  • Title

    User-installed Software
  • Family

    Configuration Management
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance
