A.5.32 - Intellectual property rights

NIST SP 800-53 Revision 5 Mapping

| ID | Name |
|---|---|
| CM-10 | Software Usage Restrictions |

SPARTA Countermeasures Mapping

ID Name Description D3FEND

Related SPARTA Techniques and Sub-Techniques

ID Name Description

Space Threats Mapped

ID Description

Sample Requirements

| Requirement | Rationale/Additional Guidance/Notes |
|---|---|
| The [organization] shall track security advisories and patches/updates, and ensure compliance with license agreements and usage restrictions for all software within the SBOM. {CM-10} | |
| The [organization] shall perform software component analysis (a.k.a. origin analysis) for developed or acquired software. {CM-10,CM-10(1),RA-3(1),RA-5,SA-15(7),SI-3,SI-3(10),SR-4(4)} | |
| The [organization] shall maintain a list of suppliers and potential suppliers used, and the products that they supply to include software. {SV-SP-3,SV-SP-4,SV-SP-11}{CM-10,PL-8(2),PM-30,SA-8(9),SA-8(11)} | Ideally you have diversification with suppliers. |