Skip to Content

Software Usage Restrictions CM-10

663  Matthew Burdick September 29, 2022  Configuration Management (CM)

Overview:
The organization:
a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.


Supplemental Guidance:
Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.


Related controls:AC-17, CM-8, SC-7.


Action Items:
1) Establish a policy and procedure to ensure software is used appropriately in accordance to copyright law and licensing contracts

 

Related Documents:
1) Secure Systems Configuration Policy

2) Acceptable Use Policy

3) Asset Management Policy


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none


Moderate Additional FedRAMP Requirements and Guidance
none
Not Rated
Secure Code