CM-7(8)—Binary Or Machine Executable Code
>Control Description
When exceptions are made to use software products without accompanying source code and with limited or no warranty because of compelling mission or operational requirements, approval by the authorizing official should be contingent upon the enterprise explicitly incorporating cybersecurity supply chain risk assessments as part of a broader assessment of such software products, as well as the implementation of compensating controls to address any identified and assessed risks.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.