Navigate

CCI-001777

CCI-001777 Definition

Review and update the list of authorized software programs per organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to review and update the list of authorized software programs monthly. The organization must maintain an audit trail of the review and update activity. DoD has defined the frequency as monthly.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of reviews and updates to ensure that the organization being inspected/assessed reviews and updates the list of authorized software programs monthly. DoD has defined the frequency as monthly.

Compelling Evidence

1.) Signed and dated system security plan (SSP)

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001777.

Control	Description
CM-7(5)	The organization: (a): Identifies [organization-defined software programs authorized to execute on the information system]; (b): Employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system; and (c): Reviews and updates the list of authorized software programs [organization-defined frequency].