NIST CSF 2.0 · All Functions · PR Protect · PR.PS Platform Security

PR.PS-05

Installation and execution of unauthorized software are prevented

Implementation examples

Ex1: When risk warrants it, restrict software execution to permitted products only or deny the execution of prohibited and unauthorized software
Ex2: Verify the source of new software and the software's integrity before installing it
Ex3: Configure platforms to use only approved DNS services that block access to known malicious domains
Ex4: Configure platforms to allow the installation of organization-approved software only

Mapped NIST 800-53 r5 controls (4)

Mapped CWE weaknesses (4)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-200→P CWE-269←P CWE-284←P →P CWE-285←P →P

All informative references (43)

AI-SOC: AI-SOC-03
AI-SOC: AI-SOC-20
CCMv4.0: CCC-04
CCMv4.0: UEM-02
CCMv4.0: UEM-09
CIS Controls v8.0: 2.5
CIS Controls v8.1: 2.5
CRI Profile v2.0: PR.PS-05
CRI Profile v2.0: PR.PS-05.01
CRI Profile v2.0: PR.PS-05.02
CRI Profile v2.0: PR.PS-05.03
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 8.19
NICE Framework: DD-WRL-001
NICE Framework: DD-WRL-002
NICE Framework: IO-WRL-005
NICE Framework: IO-WRL-007
NICE Framework: OG-WRL-001
NICE Framework: OG-WRL-013
NICE Framework: PD-WRL-004
NICE Framework: PD-WRL-007
OWASP Top 10 LLM Applications: LLM03-2025
PCI DSS: 2.2.1
PCI DSS: 5.3.2
PCI DSS: 6.4.3
SCF: CFG-01
SCF: CFG-02
SCF: CFG-03
SCF: CFG-03.2
SCF: CFG-05
SCF: END-03
SDOS: SDOS-AD-01
SDOS: SDOS-GV-01
SDOS: SDOS-GV-05
SDOS: SDOS-IN-03
SP 800-53 Rev 5.1.1: CM-07(02)
SP 800-53 Rev 5.1.1: CM-07(04)
SP 800-53 Rev 5.1.1: CM-07(05)
SP 800-53 Rev 5.1.1: SC-34
SP 800-53 Rev 5.2.0: CM-07(02)
SP 800-53 Rev 5.2.0: CM-07(04)
SP 800-53 Rev 5.2.0: CM-07(05)
SP 800-53 Rev 5.2.0: SC-34

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).