800-53|CM-11b.

Title

USER-INSTALLED SOFTWARE

Description

Enforces software installation policies through [Assignment: organization-defined methods]; and

Reference Item Details

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.4.12 Configure 'Allow deployment operations in special profiles'WindowsCIS Windows 8 L1 v1.0.0
18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L2 DC
18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L2 MS
18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r3
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Google Android 11 COPE v2r1
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Google Android 11 COBO v2r1
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMMobileIron - DISA Google Android 11 COBO v2r1
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMMobileIron - DISA Google Android 11 COPE v2r1
HONW-09-001100 - The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Honeywell Android 9.x COBO v1r2
HONW-09-001100 - The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics:MDMMobileIron - DISA Honeywell Android 9.x COBO v1r2
HONW-09-001100 - The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Honeywell Android 9.x COPE v1r2
HONW-09-001100 - The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics:MDMMobileIron - DISA Honeywell Android 9.x COPE v1r2
KNOX-07-001100 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable Google Play.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001100 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable Google Play.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001200 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable unknown sources.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001200 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable unknown sources.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001700 - The Samsung whitelist must be configured to not include applications that Transmit MD diagnostic data to non-DoD servers.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001700 - The Samsung whitelist must be configured to not include applications that Transmit MD diagnostic data to non-DoD servers.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001800 - The Samsung whitelist must be configured to not include applications with Voice assistant available when MD is locked.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001800 - The Samsung whitelist must be configured to not include applications with Voice assistant available when MD is locked.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001900 - The Samsung whitelist must be configured to not include applications with Voice dialing application when MD is locked.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001900 - The Samsung whitelist must be configured to not include applications with Voice dialing application when MD is locked.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002000 - The Samsung whitelist must be configured to not include applications that Allows synchronization of data.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1