Navigate

CM-7(7)

CM-7(7): Code Execution in Protected Environments

Allow execution of binary or machine-executable code only in confined physical or virtual machine environments and with the explicit approval of [personnel or roles to explicitly approve execution of binary or machine-executable code is/are defined;] when such code is:

(a): Obtained from sources with limited or no warranty; and/or

(b): Without the provision of source code.

Supplemental

Code execution in protected environments applies to all sources of binary or machine-executable code, including commercial software and firmware and open-source software.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to CM-7(7).

Control	Description
CM-10	a: Use software and associated documentation in accordance with contract agreements and copyright laws; b: Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c: Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
SC-44	Employ a detonation chamber capability within [the system, system component, or location where a detonation chamber capability is to be employed is defined;].

Control

Description

CM-10

a: Use software and associated documentation in accordance with contract agreements and copyright laws;

b: Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and

c: Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

SC-44

Employ a detonation chamber capability within [the system, system component, or location where a detonation chamber capability is to be employed is defined;].

Enhancements

The controls below (if any) add on to the requirements of CM-7(7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to CM-7(7).

CCI	Definition
CCI-003951	Allow execution of binary or machine-executable code only in confined physical or virtual machine environments and with the explicit approval of organization-defined personnel or roles when such code is obtained from sources with limited or no warranty.
CCI-003952	Defines the personnel or roles who allow execution of binary or machine-executable code only in confined physical or virtual machine environments when such code is obtained from sources with limited or no warranty.
CCI-003953	Allow execution of binary or machine-executable code only in confined physical or virtual machine environments and with the explicit approval of organization-defined personnel or roles when such code is without the provision of source code.
CCI-003954	Defines the personnel or roles who allow execution of binary or machine-executable code only in confined physical or virtual machine environments when such code is without the provision of source code.