Software Management

The application of management activities (planning, coordinating, measuring, monitoring, controlling, and reporting) to ensure that the development and maintenance of software is systematic, disciplined, and quantified. This includes the of a system at distinct points in time for the purpose of systematically controlling changes to the configuration, and maintaining the integrity and traceability of the configuration throughout the system life cycle.

Cloud Controls Matrix (CCM) Data


RM-05 | Release Management | Unauthorized Software Installations

Control Specification

Policies and procedures shall be established and mechanisms implemented to restrict the installation of unauthorized software.

Architectural Relevance

Physical | Network | Compute | App | Data
False | True | True | True | False

Corp Gov Relevance

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | False

Scope Applicability

COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005

A.10.1.3
A.10.4.1
A.11.5.4
A.11.6.1
A.12.4.1
A.12.5.3

NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0

CM-1
CM-2
CM-3
CM-5
CM-7
CM-8
CM-9
SA-6
SA-7
SI-1
SI-3
SI-4
SI-7

NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-7
NIST SP 800-53 R3 CM-8
NIST SP 800-53 R3 SA-6
NIST SP 800-53 R3 SA-7
NIST SP 800-53 R3 SI-1
NIST SP 800-53 R3 SI-3

NIST SP 800-53 R3 CM-1
NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-2 (1)
NIST SP 800-53 R3 CM-2 (3)
NIST SP 800-53 R3 CM-2 (5)
NIST SP 800-53 R3 CM-3
NIST SP 800-53 R3 CM-3 (2)
NIST SP 800-53 R3 CM-5
NIST SP 800-53 R3 CM-5 (1)
NIST SP 800-53 R3 CM-5 (5)
NIST SP 800-53 R3 CM-7
NIST SP 800-53 R3 CM-7 (1)
NIST SP 800-53 R3 CM-8
NIST SP 800-53 R3 CM-8 (1)
NIST SP 800-53 R3 CM-8 (3)
NIST SP 800-53 R3 CM-8 (5)
NIST SP 800-53 R3 CM-9
NIST SP 800-53 R3 SA-6
NIST SP 800-53 R3 SA-7
NIST SP 800-53 R3 SI-1
NIST SP 800-53 R3 SI-3
NIST SP 800-53 R3 SI-3 (1)
NIST SP 800-53 R3 SI-3 (2)
NIST SP 800-53 R3 SI-3 (3)
NIST SP 800-53 R3 SI-4
NIST SP 800-53 R3 SI-4 (2)
NIST SP 800-53 R3 SI-4 (4)
NIST SP 800-53 R3 SI-4 (5)
NIST SP 800-53 R3 SI-4 (6)
NIST SP 800-53 R3 SI-7
NIST SP 800-53 R3 SI-7 (1)

BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009)

G.2.13, G.20.2, G.20.4, G.20.5, G.7, G.7.1, G.12.11, H.2.16, I.2.22.1, I.2.22.3, I.2.22.6, I.2.23

G.1
I.2

3.2.4
8.2.2

Jericho Forum | NERC CIP

Commandment #1
Commandment #2
Commandment #3
Commandment #5
Commandment #11


Consensus Assessments Initiative Questionnaire (CAIQ) Data

Release Management (RM) | ID #RM-05.1

Do you have controls in place to restrict and monitor the installation of unauthorized software onto your systems?

Compliance Mapping

COBIT | HIPAA | ISO27001 | SP800_53

A.10.1.3
A.10.4.1
A.11.5.4
A.11.6.1
A.12.4.1
A.12.5.3

FedRAMP | PCI_DSS | BITS | GAPP

AUP v5.0 G.1
AUP v5.0 I.2
SIG v6.0: G.2.13, G.20.2, G.20.4, G.20.5, G.7, G.7.1, G.12.11, H.2.16, I.2.22.1, I.2.22.3, I.2.22.6, I.2.23

GAPP Ref 3.2.4
GAPP Ref 8.2.2

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True