Theme

800-53|CM-11b.

Title

USER-INSTALLED SOFTWARE

Description

Enforces software installation policies through [Assignment: organization-defined methods]; and

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.4.12 Configure 'Allow deployment operations in special profiles'	Windows	CIS Windows 8 L1 v1.0.0
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.	MDM	AirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.	MDM	MobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.	MDM	AirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.	MDM	MobileIron - DISA Apple iOS 10 v1r3
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-001900 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 14 v1r3
KNOX-07-001100 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable Google Play.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001100 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable Google Play.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001200 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable unknown sources.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001200 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. Disable unknown sources.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001700 - The Samsung whitelist must be configured to not include applications that Transmit MD diagnostic data to non-DoD servers.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001700 - The Samsung whitelist must be configured to not include applications that Transmit MD diagnostic data to non-DoD servers.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001800 - The Samsung whitelist must be configured to not include applications with Voice assistant available when MD is locked.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001800 - The Samsung whitelist must be configured to not include applications with Voice assistant available when MD is locked.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001900 - The Samsung whitelist must be configured to not include applications with Voice dialing application when MD is locked.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-001900 - The Samsung whitelist must be configured to not include applications with Voice dialing application when MD is locked.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002000 - The Samsung whitelist must be configured to not include applications that Allows synchronization of data.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002000 - The Samsung whitelist must be configured to not include applications that Allows synchronization of data.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002200 - The Samsung whitelist must be configured to not include applications that Allows unencrypted data sharing.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-002200 - The Samsung whitelist must be configured to not include applications that Allows unencrypted data sharing.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-901500 - The Samsung must be configured to enforce a Container application install policy by specifying an application whitelist.	MDM	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-901500 - The Samsung must be configured to enforce a Container application install policy by specifying an application whitelist.	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics:	MDM	AirWatch - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics:	MDM	AirWatch - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics:	MDM	MobileIron - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-001100 - The Motorola Android Pie whitelist must be configured to not include applications with the following characteristics:	MDM	MobileIron - DISA Motorola Android Pie.x COBO v1r2
MOTS-11-001100 - Motorola Solutions Android 11 allow list must be configured to not include applications with the following characteristics:	MDM	AirWatch - DISA Motorola Solutions Android 11 COBO v1r2
MOTS-11-001100 - Motorola Solutions Android 11 allow list must be configured to not include applications with the following characteristics:	MDM	MobileIron - DISA Motorola Solutions Android 11 COBO v1r2
ZEBR-10-001100 - Zebra Android 10 whitelist must be configured to not include applications with the following characteristics:	MDM	AirWatch - DISA Zebra Android 10 COPE v1r2