Description
a. Establish [Assignment: organization-defined policies] governing the installation of software by users;
b. Enforce software installation policies through [Assignment: organization-defined methods]; and
c. Monitor policy compliance [Assignment: organization-defined frequency].
Supplemental Guidance
If provided the necessary privileges, users can install software in organizational systems. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation. Permitted software installations include updates and security patches to existing software and downloading new applications from organization-approved application stores. Prohibited software installations include software with unknown or suspect pedigrees or software that organizations consider potentially malicious.
Changes from Rev 4
No significant changes from Rev 4.
MITRE ATT&CK Techniques (33)
ATT&CK v16.1
Techniques mitigated by this control, mapped via CTID.