| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
CM-10(1) |
FedRAMP_High_R4_CM-10(1) |
FedRAMP High CM-10 (1) |
Configuration Management |
Open Source Software |
Shared |
n/a |
The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].
Supplemental Guidance: Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software. |
link |
1 |
| FedRAMP_Moderate_R4 |
CM-10(1) |
FedRAMP_Moderate_R4_CM-10(1) |
FedRAMP Moderate CM-10 (1) |
Configuration Management |
Open Source Software |
Shared |
n/a |
The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].
Supplemental Guidance: Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software. |
link |
1 |
| hipaa |
0722.07a1Organizational.67-07.a |
hipaa-0722.07a1Organizational.67-07.a |
0722.07a1Organizational.67-07.a |
07 Vulnerability Management |
0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets |
Shared |
n/a |
If the organization assigns assets to contractors, it ensures that the procedures for assigning and monitoring the use of the property are included in the contract; and, if assigned to volunteer workers, there is a written agreement specifying how and when the property will be inventoried and how it will be returned upon completion of the volunteer assignment. |
|
3 |
| NIST_SP_800-53_R4 |
CM-10(1) |
NIST_SP_800-53_R4_CM-10(1) |
NIST SP 800-53 Rev. 4 CM-10 (1) |
Configuration Management |
Open Source Software |
Shared |
n/a |
The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].
Supplemental Guidance: Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software. |
link |
1 |
| NIST_SP_800-53_R5 |
CM-10(1) |
NIST_SP_800-53_R5_CM-10(1) |
NIST SP 800-53 Rev. 5 CM-10 (1) |
Configuration Management |
Open-source Software |
Shared |
n/a |
Establish the following restrictions on the use of open-source software: [Assignment: organization-defined restrictions]. |
link |
1 |