Open Source Software CM-10(1)
Overview:
The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].
Supplemental Guidance:
Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software.
Action Items:
1) Establish a policy and procedure to ensure software is used appropriately, in accordance with copyright law and licensing contracts.
Related Documents:
1) Secure Systems Configuration Policy
2) Acceptable Use Policy
3) Asset Management Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none
Moderate Additional FedRAMP Requirements and Guidance
none