Description
The organization enforces explicit rules governing the installation of software by users.\n
Supplemental Guidance
If provided the necessary privileges, users have the ability to install software. The organization identifies what types of software installations are permitted (e.g., updates and security patches to existing software) and what types of installations are prohibited (e.g., software that is free only for personal, not government use, and software whose pedigree with regard to being potentially malicious is unknown or suspect).\n
Enhancements
(0) None.\n
Compliance Mappings
ISO 17799 (legacy)
15.1.2
COBIT 4.1 (legacy)
DS9.3