NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-11(3) Automated Enforcement and Monitoring

Enforce and monitor compliance with software installation policies using [Assignment: organization-defined automated mechanisms].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Organizations enforce and monitor compliance with software installation policies using automated mechanisms to more quickly detect and respond to unauthorized software installation, which can be an indicator of an internal or external hostile attack.

Practitioner Notes

This enhancement requires automated enforcement and monitoring of software installation restrictions — technical controls, not just policies.

Example 1: Deploy AppLocker policies that technically block installation of any software not signed by your organization or trusted publishers.

Example 2: Use Intune compliance policies to continuously monitor devices for unauthorized software and automatically mark non-compliant devices for remediation.
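One way to cover both halves of this enhancement on a single Windows endpoint, following Example 1: build AppLocker publisher rules from known-good signed software, apply them in audit mode, and query the AppLocker event logs for installs the policy blocks or would block. This is an added example, not part of the control text; the reference directory, the output file name and the Downloads test folder are assumptions.

```powershell
# Added example. Paths are assumptions; run elevated, with the Application
# Identity service (AppIDSvc) running, or AppLocker rules are not evaluated.
$ReferenceDir = 'C:\Program Files\Contoso'   # hypothetical: known-good signed software
$PolicyXml    = Join-Path $env:TEMP 'cm11-3-applocker.xml'

# Enforcement: publisher rules derived from the signed reference binaries.
# Unsigned files get no rule (-IgnoreMissingFileInformation), so they stay denied.
$files = Get-AppLockerFileInformation -Directory $ReferenceDir -Recurse `
             -FileType Exe, WindowsInstaller
$files |
    New-AppLockerPolicy -RuleType Publisher -User Everyone -Optimize `
        -IgnoreMissingFileInformation -Xml |
    Out-File -FilePath $PolicyXml -Encoding utf8

# Start in audit mode so gaps in the rule set surface as events, not outages.
$doc = [xml](Get-Content -Path $PolicyXml -Raw)
foreach ($rc in $doc.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$doc.Save($PolicyXml)

# Dry run: how would the policy treat installers sitting in a user's Downloads?
$candidates = Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Recurse `
                  -Include *.exe, *.msi -ErrorAction SilentlyContinue |
              Select-Object -ExpandProperty FullName
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $candidates -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# Apply to the local policy, merging with any rules already present.
Set-AppLockerPolicy -XmlPolicy $PolicyXml -Merge

# Monitoring: 8003/8006 = would have been blocked (audit), 8004/8007 = blocked.
$filter = @{
    LogName   = 'Microsoft-Windows-AppLocker/EXE and DLL',
                'Microsoft-Windows-AppLocker/MSI and Script'
    Id        = 8003, 8004, 8006, 8007
    StartTime = (Get-Date).AddHours(-24)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, MachineName, UserId, Message |
    Sort-Object TimeCreated -Descending
```

After reviewing the audit events and adding rules for legitimate software, set `EnforcementMode` to `Enabled` and reapply the policy. Forwarding the same event IDs to a central log collector turns the last query into continuous monitoring.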