Control 3.4.9
Control and Monitor User-Installed Software
Official Requirement
Control and monitor user-installed software.
What This Means in Plain English
Users should not be able to install software on their own without approval. If user-installed software is permitted, it must be monitored and controlled to prevent the introduction of malware or unauthorized tools.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Standard user accounts without local admin rights, preventing unauthorized software installation
- Software deployment managed through Microsoft Intune with a curated application catalog
- Sophos XDR detecting and alerting on new software installations across all endpoints
- Software request process requiring manager and IT approval before deployment
- ComplianceArmor tracking software installation requests and approvals
Assessment Guidance
Assessors will verify that standard users cannot install software, test that the software request process is documented and followed, review monitoring for unauthorized installations, and check that installed software inventories are current.
Common Implementation Gaps
- Users with local admin rights able to install anything
- No software request and approval process
- No monitoring for new software installations
- Browser extensions installed without oversight
- No regular audit of installed software on endpoints
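A local audit that covers the implementation points above (standard accounts without local admin rights, monitoring of new installations) and the last three gaps in the list, written here as an added example; it is not Petronella's tooling, nor code from Intune or Sophos. It assumes a Windows 10/11 endpoint with PowerShell 5.1 or later, and the approved-application list is a constructed placeholder to be replaced by the organization's curated catalog.

```powershell
# Added example, not part of the original page: audit a Windows endpoint for
# (1) who holds local admin rights, (2) installed software not on an approved list,
# and (3) MSI installations completed in the last 7 days.

# Constructed placeholder: replace with the organization's curated catalog.
$ApprovedApps = @(
    'Microsoft Edge',
    'Microsoft 365 Apps for enterprise - en-us',
    'Sophos Endpoint Agent'
)

# 1. Local Administrators membership. Standard users should not appear here.
$Admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
    Select-Object Name, ObjectClass, PrincipalSource

# 2. Installed software from the registry Uninstall keys: machine-wide 64-bit,
#    machine-wide 32-bit, and per-user installs (HKCU), which need no admin rights
#    and are the ones an inventory most often misses.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
        @{ Name = 'Scope'
           Expression = { if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'User' } else { 'Machine' } } }

# Anything not in the catalog is flagged for review, not removed automatically.
$Unapproved = $Installed | Where-Object { $ApprovedApps -notcontains $_.DisplayName }

# 3. MSI installs that completed in the last 7 days. MsiInstaller writes event ID 11707
#    ("Installation operation completed successfully") to the Application log.
$RecentInstalls = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'
    Id           = 11707
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, UserId, Message

# Report
"=== Local Administrators on $env:COMPUTERNAME ==="
$Admins | Format-Table -AutoSize
"=== Installed software not in the approved catalog ($($Unapproved.Count)) ==="
$Unapproved | Sort-Object Scope, DisplayName | Format-Table -AutoSize
"=== MSI installs completed in the last 7 days ($($RecentInstalls.Count)) ==="
$RecentInstalls | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so the HKLM keys and the Application log are readable. The HKCU scan only sees the profile the script runs under, so for a fleet this logic belongs in the endpoint management or XDR platform (Intune and Sophos XDR in the list above), run under each user's context or against the loaded user hives; a non-empty "not in the approved catalog" list from a standard user's session is exactly the signal the control asks to be monitored. Non-MSI installers (EXE setups, browser extensions) do not raise event 11707, which is why the registry inventory is kept alongside the event log check.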
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | CM-11 |
Need Help Implementing 3.4.9?
Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
Schedule a Compliance Assessment