SA-07 User Installed Software

Control: The organization enforces explicit rules governing the installation of software by users.

Supplemental Guidance: If provided the necessary privileges, users have the ability to install software. The organization identifies what types of software installations are permitted (e.g., updates and security patches to existing software) and what types of installations are prohibited (e.g., software that is free only for personal, not government use, and software whose pedigree with regard to being potentially malicious is unknown or suspect).

Control Enhancements: (0) None.

Baseline: LOW: SA-7; MOD: SA-7; HIGH: SA-7

Family: System And Services Acquisition

Class: Management

ISO 17799 mapping: 15.1.2

COBIT 4.1 mapping: DS9.3

PCI-DSS v2 mapping: 12.3.7