CM-10: Software Usage Restrictions
From NIST's SP800-53:
a. Use software and associated documentation in accordance with contract agreements and copyright laws; b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| DE.CM-3 | Personnel activity is monitored to detect potential cybersecurity events |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1559.002 | Dynamic Data Exchange | Execution |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1546.008 | Accessibility Features | Persistence, Privilege Escalation |
| T1546.013 | PowerShell Profile | Persistence, Privilege Escalation |
| T1559 | Inter-Process Communication | Execution |
| T1562.006 | Indicator Blocking | Defense Evasion |
| T1553.004 | Install Root Certificate | Defense Evasion |