NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT
CM-11(2) — Software Installation with Privileged Status
Allow user installation of software only with explicit privileged status.
Supplemental Guidance
Privileged status can be obtained, for example, by serving in the role of system administrator.
Practitioner Notes
This enhancement requires that software installation only be performed by users with appropriate privileged access — standard users should not have installation capabilities.
Example 1: Enforce UAC (User Account Control) settings via Group Policy to require administrator credentials for any software installation, even if the user has some admin rights.
Example 2: Use Azure PIM (Privileged Identity Management) to grant just-in-time admin access for software installation tasks, automatically revoking access after a set period.
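A read-only check of the registry values behind the UAC policy in Example 1, run on an endpoint to confirm the Group Policy actually applied. This is an added example, not NIST text or the page's own code; the accepted value sets and the inclusion of the Windows Installer AlwaysInstallElevated policy are this example's assumptions about what satisfies the control.

```powershell
# Added example (not NIST text): read-only audit of the UAC values that the
# Group Policy security options write to the local registry.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Value name -> accepted data. Assumption: "require administrator credentials"
# means a credential prompt (or outright denial for standard users).
$expected = [ordered]@{
    EnableLUA                  = @(1)        # Admin Approval Mode enabled
    ConsentPromptBehaviorAdmin = @(1, 3)     # admins: prompt for credentials
    ConsentPromptBehaviorUser  = @(0, 1, 3)  # users: deny, or prompt for credentials
    EnableInstallerDetection   = @(1)        # detect installers, prompt to elevate
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$results = @()
foreach ($name in $expected.Keys) {
    $actual = Get-PolicyValue -Path $uacKey -Name $name
    $results += [pscustomobject]@{
        Setting   = $name
        Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
        Accepted  = $expected[$name] -join ' or '
        Compliant = ($null -ne $actual) -and ($expected[$name] -contains $actual)
    }
}

# Windows Installer's AlwaysInstallElevated policy lets standard users run
# MSI packages with elevated rights; it must not be enabled in either hive.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $path  = "$hive\SOFTWARE\Policies\Microsoft\Windows\Installer"
    $value = Get-PolicyValue -Path $path -Name 'AlwaysInstallElevated'
    $results += [pscustomobject]@{
        Setting   = "AlwaysInstallElevated ($hive)"
        Actual    = if ($null -eq $value) { '<not set>' } else { $value }
        Accepted  = '<not set> or 0'
        Compliant = ($value -ne 1)
    }
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Compliant })
"{0} of {1} checks non-compliant" -f $failed.Count, $results.Count
```

The HKCU check reflects the user running the script, so run it in the context of the standard user being assessed.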