NIST 800-53 r5 · Controls catalogue · Family SA
SA-7User-installed Software
User-installed Software
Last updated: 19 May 2026 14:18 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-284 | Improper Access Control | 4,905 | Implements authorization checks and policies that prevent unauthorized software installation. |
CWE-269 | Improper Privilege Management | 2,936 | Directly enforces proper management of privileges required to install software. |
CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,837 | Requires correct permission assignments on system resources and install mechanisms to block user installs. |
CWE-250 | Execution with Unnecessary Privileges | 311 | Restricts users from obtaining or retaining unnecessary installation/execution privileges. |
CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | 259 | Prevents inclusion of code or functionality obtained from an untrusted user or external source. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2024-13921 | 1.5 | 7.2 | 0.0031 | partial |