CCI-001763

Implementation Guidance

Determine if program execution is prevented in accordance with [CM-07(02)_ODP[01]; one or more of the following PARAMETER VALUES is/are selected: {[CM-07(02)_ODP[02]; policies, rules of behavior, and/or access agreements regarding software program usage and restrictions are defined (if selected)]; rules authorizing the terms and conditions of software program usage}].

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing least functionality in the system; configuration management plan; system design documentation; system configuration settings and associated documentation; system component inventory; common secure configuration checklists; specifications for preventing software program execution; change control records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Organizational processes preventing program execution on the system; organizational processes for software program usage and restrictions; mechanisms preventing program execution on the system; mechanisms supporting and/or implementing software program usage and restrictions].