CM-11: User-installed Software

From NIST's SP800-53:

a. Establish [Assignment: organization-defined policies] governing the installation of software by users; b. Enforce software installation policies through the following methods: [Assignment: organization-defined methods]; and c. Monitor policy compliance [Assignment: organization-defined frequency].

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Control ID	Description
DE.CM-3	Personnel activity is monitored to detect potential cybersecurity events

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID	Title	Associated Tactics
T1550.001	Application Access Token	Defense Evasion, Lateral Movement
T1505	Server Software Component	Persistence
T1218.009	Regsvcs/Regasm	Defense Evasion
T1218.012	Verclsid	Defense Evasion
T1195	Supply Chain Compromise	Initial Access
T1195.001	Compromise Software Dependencies and Development Tools	Initial Access
T1218.008	Odbcconf	Defense Evasion
T1218.001	Compiled HTML File	Defense Evasion
T1543	Create or Modify System Process	Persistence, Privilege Escalation
T1569	System Services	Execution
T1218.002	Control Panel	Defense Evasion
T1059.006	Python	Execution
T1059	Command and Scripting Interpreter	Execution
T1569.001	Launchctl	Execution
T1218.013	Mavinject	Defense Evasion
T1505.004	IIS Components	Persistence
T1543.001	Launch Agent	Persistence, Privilege Escalation
T1176	Browser Extensions	Persistence
T1505.002	Transport Agent	Persistence
T1218	System Binary Proxy Execution	Defense Evasion
T1505.001	SQL Stored Procedures	Persistence
T1564.009	Resource Forking	Defense Evasion
T1218.004	InstallUtil	Defense Evasion
T1218.005	Mshta	Defense Evasion
T1543.004	Launch Daemon	Persistence, Privilege Escalation
T1195.002	Compromise Software Supply Chain	Initial Access
T1547.013	XDG Autostart Entries	Persistence, Privilege Escalation
T1218.003	CMSTP	Defense Evasion
T1021.005	VNC	Lateral Movement
T1543.002	Systemd Service	Persistence, Privilege Escalation
T1543.003	Windows Service	Persistence, Privilege Escalation
T1218.014	MMC	Defense Evasion