CM-7(8)

  • Requirement

    1. Prohibit the use of binary or machine-executable code from sources with limited or no warranty or without the provision of source code; and
    2. Allow exceptions only for compelling mission or operational requirements and with the approval of the authorizing official.
  • Discussion

    Binary or machine executable code applies to all sources of binary or machine-executable code, including commercial software and firmware and open-source software. Organizations assess software products without accompanying source code or from sources with limited or no warranty for potential security impacts. The assessments address the fact that software products without the provision of source code may be difficult to review, repair, or extend. In addition, there may be no owners to make such repairs on behalf of organizations. If open-source software is used, the assessments address the fact that there is no warranty, the open-source software could contain back doors or malware, and there may be no support available.

More Info

  • Title

    Least Functionality | Binary or Machine Executable Code
  • Family

    Configuration Management
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      SA-5;SA-22

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!