Navigate

CCI-001774

CCI-001774 Definition

The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed configures the information system to deny-all and only permit by exception the execution of authorized software programs on the information system.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure that it is configured to deny-all and only permit by exception the execution of authorized software programs on the information system.

Compelling Evidence

1.) Signed and dated system security plan (SSP)

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001774.

Control	Description
CM-7 (5)	The organization: CM-7 (5)(a): Identifies [Assignment: organization-defined software programs authorized to execute on the information system]; CM-7 (5)(b): Employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system; and CM-7 (5)(c): Reviews and updates the list of authorized software programs [Assignment: organization-defined frequency].

Control

Description

CM-7 (5)

The organization:

CM-7 (5)(a): Identifies [Assignment: organization-defined software programs authorized to execute on the information system];

CM-7 (5)(b): Employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system; and

CM-7 (5)(c): Reviews and updates the list of authorized software programs [Assignment: organization-defined frequency].