CCI-003981

Enforce and monitor compliance with software installation policies using organization-defined automated mechanisms.

Implementation Guidance

Determine if: - compliance with software installation policies is enforced using [CM-11(03)_ODP[01]; automated mechanisms used to enforce compliance are defined]. - compliance with software installation policies is monitored using [CM-11(03)_ODP[02]; automated mechanisms used to monitor compliance are defined].

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing user-installed software; configuration management plan; system security plan; system design documentation; system configuration settings and associated documentation; list of rules governing user installed software; system monitoring records; system audit records; continuous monitoring strategy; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for governing user-installed software; organizational personnel operating, using, and/or maintaining the system; organizational personnel monitoring compliance with user-installed software policy; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes governing user-installed software on the system; automated mechanisms enforcing policies on installation of software by users; automated mechanisms monitoring policy compliance].

The controls below (if any) were marked by NIST as being related to CCI-003981.