Navigate

CCI-001767

CCI-001767 Definition

The organization employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Within the DoD, this control cannot be implemented.

Validation Procedures

Within the DoD, this control cannot be implemented.

Compelling Evidence

1.) Signed and dated system security plan (SSP)

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001767.

Control	Description
CM-7 (4)	The organization: CM-7 (4)(a): Identifies [Assignment: organization-defined software programs not authorized to execute on the information system]; CM-7 (4)(b): Employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system; and CM-7 (4)(c): Reviews and updates the list of unauthorized software programs [Assignment: organization-defined frequency].

Control

Description

CM-7 (4)

The organization:

CM-7 (4)(a): Identifies [Assignment: organization-defined software programs not authorized to execute on the information system];

CM-7 (4)(b): Employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system; and

CM-7 (4)(c): Reviews and updates the list of unauthorized software programs [Assignment: organization-defined frequency].