Description
a. Use software and associated documentation in accordance with contract agreements and copyright laws;
b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Supplemental Guidance
Software license tracking can be accomplished by manual or automated methods, depending on organizational needs. Examples of contract agreements include software license agreements and non-disclosure agreements.
Changes from Rev 4
No significant changes from Rev 4.
MITRE ATT&CK Techniques (9)
ATT&CK v16.1. Techniques mitigated by this control, mapped via CTID.
Techniques per tactic: Execution (2), Persistence (2), Privilege Escalation (2), Defense Evasion (5), Lateral Movement (1)
Privilege Escalation
Defense Evasion
Lateral Movement
Compliance Mappings
ISO 27001:2022 - A.8.9
ISO 27002:2022 - 5.37
COBIT 2019 - BAI10
CIS Controls v8 - CIS 2, CIS 2.1, CIS 2.4
NIST CSF 2.0 - ID.AM-02
BIO2 - 5.37
RBI CSF - Annex1.2
UAE IA - T7
Qatar NIA - OS
CBE CSF - CTO-7
FFIEC IS - II.C.13(e)
ECB CROE - CROE.2.3.4
SEBI CSCRF - PR.ESPR.IP
BOT Cyber Resilience - Ch2.1
CMMC 2.0 - CM
Lloyd's Minimum Standards - MS8.4