HOME

CM-7 (2)

CM-7 (2) H M
Description

The information system prevents program execution in accordance with [Selection (one or more): [Assignment: organization-defined policies regarding software program usage and restrictions]; rules authorizing the terms and conditions of software program usage].

DISA Cloud Computing SRG

Not appropriate for DoD to define for all CSP's infrastructure or service offerings

Source:
DoD RMF TAG

Supplemental Guidance

Further Guidance

CM-7 (2) Guidance: This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. white listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run.

Related Controls