1. Home
  2. FedRAMP
  3. CM-10

BRACKETOLOGY | FEDRAMP

CM-10: SOFTWARE USAGE RESTRICTIONS

  • FedRAMP Baseline Membership CM-10:
  • LOW
  • MODERATE
  • HIGH

FedRAMP Bracketology

Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH

Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.

Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.

To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open

Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.

The organization:

    • a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
    • b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
    • c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

SUPPLEMENTAL GUIDANCE

Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.

CONTROL ENHANCEMENTS

CM-10 (1) SOFTWARE USAGE RESTRICTIONS | OPEN SOURCE SOFTWARE
  • FedRAMP Baseline Membership CM-10 (1):
  • MODERATE
  • HIGH

The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].

Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.

There are no FedRAMP-specific requirements if this control is used for a LOW Impact system.

There are no FedRAMP-specific requirements if this control is used for a MODERATE Impact system.

There are no FedRAMP-specific requirements if this control is used for a HIGH Impact system.


Supplemental Guidance:

Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software.

REFERENCES:

  • NO REFERENCES