NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-2(4) Unauthorized Software

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into CM-7. It previously focused on identifying and preventing unauthorized software on your systems.

Example 1: Use Microsoft Defender Application Control (WDAC) to block execution of any software not on your approved list.

Example 2: Run regular SCCM software inventory reports and compare them against your approved software list, flagging unauthorized installations for removal.
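The comparison in Example 2, sketched in PowerShell as an added example (not part of the original page and not SCCM's own tooling). It assumes the inventory report and the approved list have been exported as CSV; the column names, the `Get-UnauthorizedSoftware` function name, and all sample rows are constructed for illustration.

```powershell
# Constructed sample data. Column names (ComputerName, ProductName, Publisher,
# Version, ProductPattern) are assumptions about how the reports were exported.
$approvedCsv = @'
Publisher,ProductPattern
Microsoft Corporation,Microsoft Edge
Igor Pavlov,7-Zip *
'@

$inventoryCsv = @'
ComputerName,ProductName,Publisher,Version
WS-001,Microsoft Edge,Microsoft Corporation,126.0.2592.68
WS-001,7-Zip 23.01 (x64),Igor Pavlov,23.01
WS-002,microsoft edge , microsoft corporation,126.0.2592.68
WS-002,ExampleTorrent,Example Software Ltd,4.2.0
WS-003,7-Zip 23.01 (x64),Unknown Publisher,23.01
'@

function Get-UnauthorizedSoftware {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,
        [Parameter(Mandatory)] [object[]] $Approved
    )
    foreach ($item in $Inventory) {
        # Normalize whitespace; -eq and -like are case-insensitive by default.
        $name      = "$($item.ProductName)".Trim()
        $publisher = "$($item.Publisher)".Trim()

        # An entry is approved only when BOTH publisher and product match, so a
        # familiar product name under a different publisher is still flagged.
        $match = $Approved | Where-Object {
            $publisher -eq $_.Publisher.Trim() -and
            $name -like $_.ProductPattern.Trim()
        } | Select-Object -First 1

        # Emit the original inventory row for removal follow-up.
        if (-not $match) { $item }
    }
}

$inventory = $inventoryCsv | ConvertFrom-Csv
$approved  = $approvedCsv  | ConvertFrom-Csv

Get-UnauthorizedSoftware -Inventory $inventory -Approved $approved |
    Sort-Object ComputerName, ProductName |
    Format-Table -AutoSize
```

Matching on publisher as well as product name keeps a look-alike entry (the WS-003 row in the sample) from passing as approved, while the trim and case-insensitive comparison stop formatting differences in the export from producing false flags.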