NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-10Software Usage Restrictions

Use software and associated documentation in accordance with contract agreements and copyright laws; Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Software license tracking can be accomplished by manual or automated methods, depending on organizational needs. Examples of contract agreements include software license agreements and non-disclosure agreements.

Practitioner Notes

This control requires you to use software in accordance with license agreements and copyright law. Pirated or unlicensed software is both a legal risk and a security risk.

Example 1: Use Microsoft 365 Admin Center license management to track how many licenses you own versus how many are assigned, ensuring you do not exceed your entitlements.

Example 2: Deploy a software asset management tool like Snow License Manager or Flexera to automatically track software installations against purchased license counts.

More Configuration Management Controls

CM-1 Policy and Procedures CM-2 Baseline Configuration CM-2(1) Reviews and Updates CM-2(2) Automation Support for Accuracy and Currency