800-53|CM-11b.

Title

USER-INSTALLED SOFTWARE

Description

Enforces software installation policies through [Assignment: organization-defined methods]; and

Reference Item Details

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.4.12 Configure 'Allow deployment operations in special profiles'WindowsCIS Windows 8 L1 v1.0.0
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r3
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMMobileIron - DISA Google Android 11 COBO v2r1
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Google Android 11 COPE v2r1
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Google Android 11 COBO v2r1
GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics:MDMMobileIron - DISA Google Android 11 COPE v2r1
KNOX-07-001100 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable Google Play.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001100 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable Google Play.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001200 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable unknown sources.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001200 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable unknown sources.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001700 - The Samsung whitelist must be configured to not include applications that Transmit MD diagnostic data to non-DoD servers.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001700 - The Samsung whitelist must be configured to not include applications that Transmit MD diagnostic data to non-DoD servers.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001800 - The Samsung whitelist must be configured to not include applications with Voice assistant available when MD is locked.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001800 - The Samsung whitelist must be configured to not include applications with Voice assistant available when MD is locked.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001900 - The Samsung whitelist must be configured to not include applications with Voice dialing application when MD is locked.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001900 - The Samsung whitelist must be configured to not include applications with Voice dialing application when MD is locked.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002000 - The Samsung whitelist must be configured to not include applications that Allows synchronization of data.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002000 - The Samsung whitelist must be configured to not include applications that Allows synchronization of data.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002200 - The Samsung whitelist must be configured to not include applications that Allows unencrypted data sharing.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002200 - The Samsung whitelist must be configured to not include applications that Allows unencrypted data sharing.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-901500 - The Samsung must be configured to enforce a Container application install policy by specifying an application whitelist.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-901500 - The Samsung must be configured to enforce a Container application install policy by specifying an application whitelist.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics:MDMMobileIron - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics:MDMAirWatch - DISA Motorola Android Pie.x COBO v1r2