
CM-7(4) Least Functionality

Operational

Control Description

LEAST FUNCTIONALITY | UNAUTHORIZED SOFTWARE / BLACKLISTING

(a) The organization identifies organization-defined software programs not authorized to execute on the information system;

(b) The organization employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system; and

(c) The organization reviews and updates the list of unauthorized software programs at an organization-defined frequency.

Supplemental Guidance

The process used to identify software programs that are not authorized to execute on organizational information systems is commonly referred to as blacklisting. Organizations can implement CM-7 (5) instead of this control enhancement if whitelisting (the stronger of the two policies) is the preferred approach for restricting software program execution. Related controls: CM-6, CM-8.
