CCI-002730

The organization defines the user-installed software that is to be executed in a confined physical or virtual machine environment with limited privileges.

Implementation Guidance

The organization being inspected/assessed defines and documents the user-installed software that is to be executed in a confined physical or virtual machine environment with limited privileges. DoD has determined the user-installed software is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented user-installed software to ensure the organization being inspected/assessed defines the user-installed software that is to be executed in a confined physical or virtual machine environment with limited privileges. DoD has determined the user-installed software is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated System security plan with reference to section that defines the user-installed software that is to be executed in a confined physical or virtual machine environment with limited privileges.

The controls below (if any) were marked by NIST as being related to CCI-002730.