CM-7(4)

  • Requirement

    1. Identify [Assignment: organization-defined software programs not authorized to execute on the system];
    2. Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and
    3. Review and update the list of unauthorized software programs [Assignment: organization-defined frequency].
  • Discussion

    Unauthorized software programs may be limited to specific versions or to software from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.
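The three requirement items above describe a blocklist model: everything runs unless it is on the organization-defined list of unauthorized programs, a list entry may be narrowed to particular versions or a particular source, and the list has a defined review cadence. The following is an added illustration of that model as a small policy evaluator; it is not NIST text and not any product's configuration format. All program names, versions, sources, dates and the 90-day interval are constructed for the example, and the class and function names (`DenyRule`, `DenyByExceptionPolicy`, `evaluate`, `sample_review_overdue`) are hypothetical.

```python
"""Deny-by-exception execution policy (added illustration, not NIST text).

Default decision is ALLOW; only programs on the organization-defined
deny list are blocked.  A rule may be narrowed to specific versions
and/or to software from a specific source, as the control's discussion
describes.  The policy also records when the list was last reviewed so
the review-frequency requirement (item 3) can be checked.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class DenyRule:
    program: str                              # executable name, compared case-insensitively
    versions: FrozenSet[str] = frozenset()    # empty set = every version is unauthorized
    sources: FrozenSet[str] = frozenset()     # empty set = unauthorized from any source

    def matches(self, program: str, version: str, source: str) -> bool:
        """True when this rule covers the given program/version/source triple."""
        if self.program.lower() != program.lower():
            return False
        if self.versions and version not in self.versions:
            return False
        if self.sources and source.lower() not in {s.lower() for s in self.sources}:
            return False
        return True


@dataclass
class DenyByExceptionPolicy:
    rules: List[DenyRule]
    last_reviewed: date           # date the deny list was last reviewed/updated
    review_interval_days: int     # organization-defined review frequency

    def decide(self, program: str, version: str, source: str) -> Tuple[str, Optional[DenyRule]]:
        """Return ('deny', rule) for the first matching rule, else ('allow', None)."""
        for rule in self.rules:
            if rule.matches(program, version, source):
                return "deny", rule
        return "allow", None          # allow-all default: nothing matched

    def review_overdue(self, today: date) -> bool:
        """True when the list has not been reviewed within the defined frequency."""
        return today > self.last_reviewed + timedelta(days=self.review_interval_days)


# Constructed sample deny list: hypothetical program names, versions and sources.
SAMPLE_POLICY = DenyByExceptionPolicy(
    rules=[
        DenyRule("legacyftp.exe"),                                        # blocked in every version
        DenyRule("netutil.exe", versions=frozenset({"1.0", "1.1"})),      # only old versions blocked
        DenyRule("helper.exe", sources=frozenset({"unverified-vendor"})),  # only one source blocked
    ],
    last_reviewed=date(2024, 1, 15),
    review_interval_days=90,
)


def evaluate(events, policy: DenyByExceptionPolicy = SAMPLE_POLICY) -> List[str]:
    """Apply the policy to (program, version, source) tuples; returns 'allow'/'deny' per event."""
    return [policy.decide(*event)[0] for event in events]


def sample_review_overdue(today_iso: str) -> bool:
    """Check the sample policy's review status against an ISO date such as '2024-06-01'."""
    return SAMPLE_POLICY.review_overdue(date.fromisoformat(today_iso))


if __name__ == "__main__":
    # Constructed execution events to run through the policy.
    sample_events = [
        ("legacyftp.exe", "3.2", "vendor-a"),
        ("NetUtil.exe", "1.1", "vendor-b"),
        ("netutil.exe", "2.0", "vendor-b"),
        ("helper.exe", "5.0", "unverified-vendor"),
        ("helper.exe", "5.0", "trusted-vendor"),
        ("editor.exe", "9.9", "vendor-c"),
    ]
    for event, decision in zip(sample_events, evaluate(sample_events)):
        print(f"{decision:5s} {event}")
    print("review overdue on 2024-06-01:", sample_review_overdue("2024-06-01"))
```

Two points the example makes visible: narrowing a rule by version or source is what lets a deny list express "this program is unauthorized, but only these releases" without blocking everything with that name, and the default-allow decision means anything not on the list runs, which is why item 3's periodic review of the list matters in practice.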

More Info

  • Title

    Least Functionality | Unauthorized Software — Deny-by-exception
  • Family

    Configuration Management
  • NIST 800-53B Baseline(s)

  • Related NIST 800-53 ID

    CM-6; CM-8; CM-10; PL-9; PM-5

    NIST 800-53A Assessment Guidance
