CM-5(3)—Access Restrictions For Change

Operational

>Control Description

ACCESS RESTRICTIONS FOR CHANGE | SIGNED COMPONENTS The information system prevents the installation of ⚙organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.

>Supplemental Guidance

Software and firmware components prevented from installation unless signed with recognized and approved certificates include, for example, software and firmware version updates, patches, service packs, device drivers, and basic input output system (BIOS) updates. Organizations can identify applicable software and firmware components by type, by specific items, or a combination of both. Digital signatures and organizational verification of such signatures, is a method of code authentication.

Related controls: CM-7, SC-13, SI-7.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis.

Ask AI

Configure your API key to use AI features.