home || catalog: SP800-53rev3 / class: Management / family: (SA) System and Services Acquisition ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA

SA-01
SA-02
SA-03
SA-04
SA-05
SA-06 *
SA-07
SA-08
SA-09
SA-10
SA-11
SA-12
SA-13
SA-14

SC
SI
MMMMM

  SA-06: Software Usage Restrictions  

base control objective:
The organization:
a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
b. Employs tracking systems for software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

supplemental objective information:
Tracking systems can include, for example, simple spreadsheets or fully automated, specialized applications depending on the needs of the organization.

enhancements to the base objective:

(1) The organization:
(a) Prohibits the use of binary or machine executable code in the information system from the public domain sources or from sources with limited or no warranty without accompanying source code; and
(b) Provides exceptions to the source code requirement only for compelling mission/operational requirements when no alternative solutions are available and with the express written consent of the authorizing official.
Enhancement Supplemental Guidance: Public domain software products are typically referred to as shareware or freeware. Software products without accompanying source code from public domain sources or sources with limited or no warranty are assessed for potential security impacts. The assessment addresses the fact that these types of software products are difficult or impossible to review, repair, or extend, given that the organization does not have access to the original source code and there is no owner who could make such repairs on behalf of the organization.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for SA-06:

None.

Document Date Status Title

Search SP800-53rev3 catalog: