NIST 800-53 r5 · Controls catalogue · Family CM
CM-11 User-installed Software
Establish {{ insert: param, cm-11_odp.01 }} governing the installation of software by users; Enforce software installation policies through the following methods: {{ insert: param, cm-11_odp.02 }}; and Monitor policy compliance {{ insert: param, cm-11_odp.03 }}.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: mostly · 4 mapping(s) from 1 framework(s): CSF 2.0 4 (mostly)
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (33)
- T1021.005 VNC · Lateral Movement
- T1059 Command and Scripting Interpreter · Execution
- T1059.006 Python · Execution
- T1072 Software Deployment Tools · Execution, Lateral Movement
- T1176 Software Extensions · Persistence
- T1195 Supply Chain Compromise · Initial Access
- T1195.001 Compromise Software Dependencies and Development Tools · Initial Access
- T1195.002 Compromise Software Supply Chain · Initial Access
- T1218 System Binary Proxy Execution · Stealth
- T1218.001 Compiled HTML File · Stealth
- T1218.002 Control Panel · Stealth
- T1218.003 CMSTP · Stealth
- T1218.004 InstallUtil · Stealth
- T1218.005 Mshta · Stealth
- T1218.008 Odbcconf · Stealth
- T1218.009 Regsvcs/Regasm · Stealth
- T1218.012 Verclsid · Stealth
- T1218.013 Mavinject · Stealth
- T1218.014 MMC · Stealth
- T1505 Server Software Component · Persistence
- T1505.001 SQL Stored Procedures · Persistence
- T1505.002 Transport Agent · Persistence
- T1505.004 IIS Components · Persistence
- T1543 Create or Modify System Process · Persistence, Privilege Escalation
- T1543.001 Launch Agent · Persistence, Privilege Escalation
- T1543.002 Systemd Service · Persistence, Privilege Escalation
- T1543.003 Windows Service · Persistence, Privilege Escalation
- T1543.004 Launch Daemon · Persistence, Privilege Escalation
- T1547.013 XDG Autostart Entries · Persistence, Privilege Escalation
- T1550.001 Application Access Token · Lateral Movement
- T1564.009 Resource Forking · Stealth
- T1569 System Services · Execution
- T1569.001 Launchctl · Execution
Weaknesses this control addresses (4) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-284 | Improper Access Control | 5,367 | This control establishes and enforces policies that restrict which users can install software and what software is permitted. |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | 298 | Enforcing installation policies prevents users from including functionality obtained from untrusted control spheres. |
| CWE-494 | Download of Code Without Integrity Check | 252 | Policies can require integrity verification of software prior to installation, reducing risks from unverified downloads. |
| CWE-506 | Embedded Malicious Code | 85 | The control prevents users from installing software that contains embedded malicious code. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-30911 | 7.0 | 9.9 | 0.0176 | good |
| CVE-2023-47840 | 7.0 | 9.9 | 0.0141 | good |
| CVE-2024-8696 | 7.0 | 9.8 | 0.0123 | good |
| CVE-2025-44022 UPD | 7.0 | 9.8 | 0.0102 | good |
| CVE-2023-50564 | 6.0 | 8.8 | 0.2907 | good |
| CVE-2024-37149 | 6.0 | 7.2 | 0.2108 | good |
| CVE-2024-9499 | 5.5 | 8.6 | 0.0024 | good |
| CVE-2024-9497 | 5.5 | 8.6 | 0.0024 | good |
| CVE-2024-9491 | 5.5 | 8.6 | 0.0019 | good |
| CVE-2026-43571 UPD | 5.5 | 8.8 | 0.0039 | good |
| CVE-2026-3539 | 5.5 | 8.8 | 0.0027 | good |
| CVE-2025-50286 UPD | 5.5 | 8.1 | 0.0871 | good |
| CVE-2026-3063 | 3.5 | 5.4 | 0.0018 | good |
| CVE-2022-32894 KEV | 10.0 | 7.8 | 0.0326 | partial |
| CVE-2026-2599 | 7.0 | 9.8 | 0.0052 | good |
| CVE-2025-24232 | 7.0 | 9.8 | 0.0105 | good |
| CVE-2026-26974 | 7.0 | 9.8 | 0.0054 | good |
| CVE-2026-1490 | 7.0 | 9.8 | 0.0116 | partial |
| CVE-2025-59046 | 7.0 | 9.8 | 0.0118 | good |
| CVE-2025-43244 UPD | 7.0 | 9.8 | 0.0056 | partial |
| CVE-2024-52429 | 7.0 | 9.9 | 0.0090 | good |
| CVE-2023-2725 | 6.0 | 8.8 | 0.2466 | good |
| CVE-2025-69264 UPD | 5.5 | 8.8 | 0.0102 | good |
| CVE-2024-9920 | 5.5 | 8.8 | 0.0125 | good |
| CVE-2025-10706 | 5.5 | 8.8 | 0.0058 | good |