CM-14: Signed Components

the installation of software components is prevented unless it is verified that the software has been digitally signed using a certificate recognized and approved by the organization;

the installation of firmware components is prevented unless it is verified that the firmware has been digitally signed using a certificate recognized and approved by the organization.

Configuration management policy

procedures addressing digitally signed certificates for software and firmware components

configuration management plan

system security plan

system design documentation

change control records

system component inventory

system security plan

other relevant documents or records

Organizational personnel with responsibilities for verifying digitally signed certificates for software and firmware component installation

organizational personnel with information security responsibilities

system/network administrators

system developers

Organizational processes governing information location

mechanisms enforcing policies and methods for governing information location

automated tools supporting or implementing digitally signatures for software and firmware components

automated tools supporting or implementing verification of digital signatures for software and firmware component installation