| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
CM-10 |
FedRAMP_High_R4_CM-10 |
FedRAMP High CM-10 |
Configuration Management |
Software Usage Restrictions |
Shared |
n/a |
The organization:
a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7.
References: None. |
link |
4 |
| FedRAMP_Moderate_R4 |
CM-10 |
FedRAMP_Moderate_R4_CM-10 |
FedRAMP Moderate CM-10 |
Configuration Management |
Software Usage Restrictions |
Shared |
n/a |
The organization:
a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7.
References: None. |
link |
4 |
| hipaa |
0112.02d2Organizational.3-02.d |
hipaa-0112.02d2Organizational.3-02.d |
0112.02d2Organizational.3-02.d |
01 Information Protection Program |
0112.02d2Organizational.3-02.d 02.03 During Employment |
Shared |
n/a |
Acceptable usage is defined and usage is explicitly authorized. |
|
7 |
| hipaa |
0722.07a1Organizational.67-07.a |
hipaa-0722.07a1Organizational.67-07.a |
0722.07a1Organizational.67-07.a |
07 Vulnerability Management |
0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets |
Shared |
n/a |
If the organization assigns assets to contractors, it ensures that the procedures for assigning and monitoring the use of the property are included in the contract; and, if assigned to volunteer workers, there is a written agreement specifying how and when the property will be inventoried and how it will be returned upon completion of the volunteer assignment. |
|
3 |
| ISO27001-2013 |
A.18.1.2 |
ISO27001-2013_A.18.1.2 |
ISO 27001:2013 A.18.1.2 |
Compliance |
Intellectual property rights |
Shared |
n/a |
Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory, and contractual requirements related to intellectual property rights and use of proprietary software products. |
link |
2 |
| NIST_SP_800-53_R4 |
CM-10 |
NIST_SP_800-53_R4_CM-10 |
NIST SP 800-53 Rev. 4 CM-10 |
Configuration Management |
Software Usage Restrictions |
Shared |
n/a |
The organization:
a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7.
References: None. |
link |
4 |
| NIST_SP_800-53_R5 |
CM-10 |
NIST_SP_800-53_R5_CM-10 |
NIST SP 800-53 Rev. 5 CM-10 |
Configuration Management |
Software Usage Restrictions |
Shared |
n/a |
a. Use software and associated documentation in accordance with contract agreements and copyright laws;
b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. |
link |
4 |
| PCI_DSS_v4.0 |
12.2.1 |
PCI_DSS_v4.0_12.2.1 |
PCI DSS v4.0 12.2.1 |
Requirement 12: Support Information Security with Organizational Policies and Programs |
Acceptable use policies for end-user technologies are defined and implemented |
Shared |
n/a |
Acceptable use policies for end-user technologies are documented and implemented, including:
• Explicit approval by authorized parties.
• Acceptable uses of the technology.
• List of products approved by the company for employee use, including hardware and software. |
link |
4 |