Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SA

SA-7 User-installed Software

Last updated: 04 July 2026 08:17 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (5)

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-284 | Improper Access Control | 5,385 | Implements authorization checks and policies that prevent unauthorized software installation. |
| CWE-269 | Improper Privilege Management | 3,104 | Directly enforces proper management of privileges required to install software. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,875 | Requires correct permission assignments on system resources and install mechanisms to block user installs. |
| CWE-250 | Execution with Unnecessary Privileges | 333 | Restricts users from obtaining or retaining unnecessary installation/execution privileges. |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | 298 | Prevents inclusion of code or functionality obtained from an untrusted user or external source. |

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2024-139215.57.20.0065partial
