NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-11(1)Alerts for Unauthorized Installations

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into CM-8(3). It previously required alerts when users attempted to install unauthorized software.

Example 1: Configure Microsoft Defender for Endpoint to generate alerts when blocked applications attempt to install or execute on managed devices.

Example 2: Set up SIEM alerts in Splunk or Sentinel to notify the security team when software installation events are detected outside approved workflows.

More Configuration Management Controls

CM-1 Policy and Procedures CM-2 Baseline Configuration CM-2(1) Reviews and Updates CM-2(2) Automation Support for Accuracy and Currency