800-53|CM-11b.

Title

USER-INSTALLED SOFTWARE

Description

Enforces software installation policies through [Assignment: organization-defined methods]; and

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.4.12 Configure 'Allow deployment operations in special profiles'	Windows	CIS Windows 8 L1 v1.0.0
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.	MDM	AirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.	MDM	MobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.	MDM	AirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.	MDM	MobileIron - DISA Apple iOS 10 v1r3
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-000700 - The mobile operating system must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	AirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-000700 - The mobile operating system must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 14 v1r3
GOOG-10-000800 - Google Android 10 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store] - Unknown Sources	MDM	AirWatch - DISA Google Android 10.x v2r1
GOOG-10-000800 - Google Android 10 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Google Android 10.x v2r1
HONW-09-000800 - The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store] - Unknown Sources	MDM	AirWatch - DISA Honeywell Android 9.x COPE v1r2
HONW-09-000800 - The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store] - Unknown Sources	MDM	AirWatch - DISA Honeywell Android 9.x COBO v1r2
HONW-09-000800 - The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Honeywell Android 9.x COBO v1r2
HONW-09-000800 - The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Honeywell Android 9.x COPE v1r2
MOTO-09-000800 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store] - Unknown Sources	MDM	AirWatch - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-000800 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store] - Unknown Sources	MDM	AirWatch - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-000800 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-000800 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Motorola Android Pie.x COPE v1r2
ZEBR-10-000800 - Zebra Android 10 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store] - Unknown Sources	MDM	AirWatch - DISA Zebra Android 10 COPE v1r2
ZEBR-10-000800 - Zebra Android 10 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store] - Unknown Sources	MDM	AirWatch - DISA Zebra Android 10 COBO v1r2
ZEBR-10-000800 - Zebra Android 10 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Zebra Android 10 COBO v1r2
ZEBR-10-000800 - Zebra Android 10 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].	MDM	MobileIron - DISA Zebra Android 10 COPE v1r2

Detections

Analytics

800-53|CM-11b.

Title

Description

Reference Item Details

Audit Items