NIST 800-53 CM-11 Mappings

If provided the necessary privileges, users can install software in organizational systems. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation. Permitted software installations include updates and security patches to existing software and downloading new applications from organization-approved app stores. Prohibited software installations include software with unknown or suspect pedigrees or software that organizations consider potentially malicious. Policies selected for governing user-installed software are organization-developed or provided by some external entity. Policy enforcement methods can include procedural methods and automated methods.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CM-11 | User-installed Software | Protects | T1021.005 | VNC |
| CM-11 | User-installed Software | Protects | T1059 | Command and Scripting Interpreter |
| CM-11 | User-installed Software | Protects | T1059.006 | Python |
| CM-11 | User-installed Software | Protects | T1176 | Browser Extensions |
| CM-11 | User-installed Software | Protects | T1195 | Supply Chain Compromise |
| CM-11 | User-installed Software | Protects | T1195.001 | Compromise Software Dependencies and Development Tools |
| CM-11 | User-installed Software | Protects | T1195.002 | Compromise Software Supply Chain |
| CM-11 | User-installed Software | Protects | T1505 | Server Software Component |
| CM-11 | User-installed Software | Protects | T1505.001 | SQL Stored Procedures |
| CM-11 | User-installed Software | Protects | T1505.002 | Transport Agent |
| CM-11 | User-installed Software | Protects | T1543 | Create or Modify System Process |
| CM-11 | User-installed Software | Protects | T1543.001 | Launch Agent |
| CM-11 | User-installed Software | Protects | T1543.002 | Systemd Service |
| CM-11 | User-installed Software | Protects | T1543.003 | Windows Service |
| CM-11 | User-installed Software | Protects | T1543.004 | Launch Daemon |
| CM-11 | User-installed Software | Protects | T1550.001 | Application Access Token |
| CM-11 | User-installed Software | Protects | T1569 | System Services |
| CM-11 | User-installed Software | Protects | T1569.001 | Launchctl |