NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-2(5) Authorized Software

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into CM-7. It previously focused on maintaining a list of authorized software and allowing only that software to run.

Example 1: Implement AppLocker policies via Group Policy to create an allowlist of approved applications that can execute on user workstations.

Example 2: Maintain an approved software catalog in Intune or SCCM and use application deployment policies to ensure only listed software is available to users.
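A sketch of the AppLocker approach in Example 1, added here as an illustration and not taken from NIST or Microsoft guidance. The reference path, the output file, the GPO LDAP path and the `example.com` domain are placeholders. The policy is built in audit-only mode so that gaps in the allowlist show up in the event log before anything is blocked.

```powershell
# Added example: build an AppLocker allowlist from a clean reference workstation,
# check it for gaps, then merge it into a GPO in audit-only mode.
Import-Module AppLocker

# Assumptions (placeholders, replace for your environment)
$ReferencePath = 'C:\Program Files'
$PolicyXmlPath = 'C:\Temp\applocker-allowlist.xml'
$GpoLdapPath   = 'LDAP://CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=example,DC=com'

# 1. Inventory the executables that make up the approved software baseline.
$fileInfo = Get-AppLockerFileInformation -Directory $ReferencePath -Recurse -FileType Exe

# 2. Generate allow rules: publisher rules for signed files, hash rules as the
#    fallback for unsigned ones. -Optimize collapses similar rules.
$policy = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# 3. Audit first: log what would be blocked without blocking it.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# 4. Look for gaps. Anything not matched by a rule is denied by default once the
#    policy is enforced, including Windows binaries outside $ReferencePath.
$gaps = $policy |
    Test-AppLockerPolicy -Path 'C:\Windows\System32\*.exe' -User Everyone -Filter DeniedByDefault
"{0} System32 executables are not covered by the generated rules" -f @($gaps).Count

# 5. Keep a reviewable copy, then merge into the GPO linked to the workstation OU.
$policy.ToXml() | Set-Content -Path $PolicyXmlPath -Encoding UTF8
Set-AppLockerPolicy -PolicyObject $policy -Ldap $GpoLdapPath -Merge

# 6. On a workstation that has received the GPO, review audit hits
#    (event ID 8003: allowed to run, but would be blocked under enforcement).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 200 |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message
```

AppLocker rules are only evaluated while the Application Identity service (AppIDSvc) is running on the workstation, so that service needs to be set to start automatically in the same GPO.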