BRACKETOLOGY | FEDRAMP
CM-10: SOFTWARE USAGE RESTRICTIONS
FedRAMP Baseline Membership CM-10:
Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH
Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.
Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.
To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open
Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.
- a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
- b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
- c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.
RELATED CONTROLS: CM-10
CM-10 (1) SOFTWARE USAGE RESTRICTIONS | OPEN SOURCE SOFTWARE
FedRAMP Baseline Membership CM-10 (1):
The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions].
Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.
There are no FedRAMP-specific requirements if this control is used for a LOW Impact system.
There are no FedRAMP-specific requirements if this control is used for a MODERATE Impact system.
There are no FedRAMP-specific requirements if this control is used for a HIGH Impact system.
Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software.
- NO REFERENCES