CM-7(7)—Code Execution In Protected Environments
>Control Description
Allow execution of binary or machine-executable code only in confined physical or virtual machine environments and with the explicit approval of [Assignment: organization-defined personnel or roles] when such code is: a. Obtained from sources with limited or no warranty; and/or b. Without the provision of source code.
>Supplemental Guidance
Code execution in protected environments applies to all sources of binary or machine-executable code, including commercial software and firmware and open-source software.