NIST 800-171 R-3.4.9
Control User-Installed Software
Official citation: 3.4.9
Class: core · Severity: medium
Statement of the obligation — verify against source
3.4.9
What it means
Control and monitor software that users install. Set policy defining what's permitted (such as updates and patches, or apps from organization-approved app stores) and what's prohibited (software of unknown or suspect origin, or anything potentially malicious), and enforce it through procedural methods, automated methods, or both.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.