NIST SP 800-171 & CMMC 2.0 Control 3.4.9 Requirement:

Control and monitor user-installed software.

NIST SP 800-171 & CMMC 2.0 3.4.9 Requirement Explanation:

Allowing users to install software on their systems increases cyber risk. They can accidentally install malware on their systems and the more software you have on your systems the larger your attack surface. It is is also difficult to keep unapproved software updated which can result in increased risk.

Example NIST SP 800-171 & CMMC 2.0 3.4.9 Implementation:

Do not provide your end users with administrative privileges as this allows them to install any software they wish. Uninstall any software from your systems that does not have an approved business need. Require that software installations are approved by IT management and have an associated business need.

NIST SP 800-171 & CMMC 2.0 3.4.9 Scenario(s):

- Scenario 1:

John, an end user attempts to install a game onto his company workstation. He is prompted for an admin password. Because he is not an admin he is unable to install the game. John asks Alice, a system administrator to install it. She informs him that only approved software may be installed.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.