Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Configuration Management
  4. >SP800-53-CM-7(4)
SP800-53-CM-7(4)Active

Unauthorized Software — Deny-by-exception

Statement

Identify software programs; Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and Review and update the list of unauthorized software programs frequency.

Location

Control Family
Configuration Management

Control Details

Identifier
SP800-53-CM-7(4)
Family
CM
Parent Control
SP800-53-CM-7

Organisation-Defined Parameters

cm-07.04_odp.01
software programs
cm-07.04_odp.02
frequency

Supplemental Guidance

Unauthorized software programs can be limited to specific versions or from a specific source. The concept of prohibiting the execution of unauthorized software may also be applied to user actions, system ports and protocols, IP addresses/ranges, websites, and MAC addresses.

Assessment Objective

software programs are identified; an allow-all, deny-by-exception policy is employed to prohibit the execution of unauthorized software programs on the system; the list of unauthorized software programs is reviewed and updated frequency.

No cross-framework mappings available

← Back to Configuration Management
Configuration Management66 controls
SP800-53-CM-1Policy and ProceduresSP800-53-CM-2Baseline ConfigurationSP800-53-CM-2(1)Reviews and UpdatesSP800-53-CM-2(2)Automation Support for Accuracy and CurrencySP800-53-CM-2(3)Retention of Previous ConfigurationsSP800-53-CM-2(4)Unauthorized SoftwareSP800-53-CM-2(5)Authorized SoftwareSP800-53-CM-2(6)Development and Test EnvironmentsSP800-53-CM-2(7)Configure Systems and Components for High-risk AreasSP800-53-CM-3Configuration Change ControlSP800-53-CM-3(1)Automated Documentation, Notification, and Prohibition of ChangesSP800-53-CM-3(2)Testing, Validation, and Documentation of ChangesSP800-53-CM-3(3)Automated Change ImplementationSP800-53-CM-3(4)Security and Privacy RepresentativesSP800-53-CM-3(5)Automated Security ResponseSP800-53-CM-3(6)Cryptography ManagementSP800-53-CM-3(7)Review System ChangesSP800-53-CM-3(8)Prevent or Restrict Configuration ChangesSP800-53-CM-4Impact AnalysesSP800-53-CM-4(1)Separate Test EnvironmentsSP800-53-CM-4(2)Verification of ControlsSP800-53-CM-5Access Restrictions for ChangeSP800-53-CM-5(1)Automated Access Enforcement and Audit RecordsSP800-53-CM-5(2)Review System ChangesSP800-53-CM-5(3)Signed ComponentsSP800-53-CM-5(4)Dual AuthorizationSP800-53-CM-5(5)Privilege Limitation for Production and OperationSP800-53-CM-5(6)Limit Library PrivilegesSP800-53-CM-5(7)Automatic Implementation of Security SafeguardsSP800-53-CM-6Configuration SettingsSP800-53-CM-6(1)Automated Management, Application, and VerificationSP800-53-CM-6(2)Respond to Unauthorized ChangesSP800-53-CM-6(3)Unauthorized Change DetectionSP800-53-CM-6(4)Conformance DemonstrationSP800-53-CM-7Least FunctionalitySP800-53-CM-7(1)Periodic ReviewSP800-53-CM-7(2)Prevent Program ExecutionSP800-53-CM-7(3)Registration ComplianceSP800-53-CM-7(4)Unauthorized Software — Deny-by-exceptionSP800-53-CM-7(5)Authorized Software — Allow-by-exceptionSP800-53-CM-7(6)Confined Environments with Limited PrivilegesSP800-53-CM-7(7)Code Execution in Protected EnvironmentsSP800-53-CM-7(8)Binary or Machine Executable CodeSP800-53-CM-7(9)Prohibiting The Use of Unauthorized HardwareSP800-53-CM-8System Component InventorySP800-53-CM-8(1)Updates During Installation and RemovalSP800-53-CM-8(2)Automated MaintenanceSP800-53-CM-8(3)Automated Unauthorized Component DetectionSP800-53-CM-8(4)Accountability InformationSP800-53-CM-8(5)No Duplicate Accounting of ComponentsSP800-53-CM-8(6)Assessed Configurations and Approved DeviationsSP800-53-CM-8(7)Centralized RepositorySP800-53-CM-8(8)Automated Location TrackingSP800-53-CM-8(9)Assignment of Components to SystemsSP800-53-CM-9Configuration Management PlanSP800-53-CM-9(1)Assignment of ResponsibilitySP800-53-CM-10Software Usage RestrictionsSP800-53-CM-10(1)Open-source SoftwareSP800-53-CM-11User-installed SoftwareSP800-53-CM-11(1)Alerts for Unauthorized InstallationsSP800-53-CM-11(2)Software Installation with Privileged StatusSP800-53-CM-11(3)Automated Enforcement and MonitoringSP800-53-CM-12Information LocationSP800-53-CM-12(1)Automated Tools to Support Information LocationSP800-53-CM-13Data Action MappingSP800-53-CM-14Signed Components