Description
The organization enforces explicit rules governing the installation of software by users.
Supplemental Guidance
If provided the necessary privileges, users have the ability to install software. The organization identifies what types of software installations are permitted (e.g., updates and security patches to existing software) and what types of installations are prohibited (e.g., software that is free only for personal, not government use, and software whose pedigree with regard to being potentially malicious is unknown or suspect).
Enhancements
(0) None.
Compliance Mappings
ISO 42001:2023
A.4.4, A.9.4
ANSSI
Hygiene.20, SecNumCloud.13.1
FINMA Circular 2023/1
IV.A(36), IV.C(64)
OSFI B-13
B-13.2.2, B-13.3.2
EU GDPR
Art.25(1)
EU DORA
Art.9(4)(e)
ISO 17799 (legacy)
15.1.2
COBIT 4.1 (legacy)
DS9.3