a. Use software and associated documentation in accordance with contract agreements and copyright laws; b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Standard “software usage restrictions” translate into a blanket rule that only mission-approved binaries may exist on the bus. The storage footprint of a satellite is measured in megabytes, not gigabytes, and upload bandwidth is scarce; therefore, every executable must be enumerated in the software-load manifest, cryptographically hashed, and cross-checked by the bootloader at start-up. Unvetted utilities, temporary installers, or diagnostic scripts are prohibited from the flight image and may run only in the ground testbed. For hosted payloads that import their code, the bus must enforce isolation via containerization, partitioned FSW, or a hypervisor to prevent unapproved libraries from spilling onto shared volumes.
| ID | Name | Description | D3FEND | |
| ID | Description | |
| Requirement | Rationale/Additional Guidance/Notes |
|---|---|
| The [organization] shall track security advisories, patches/updates, and ensure compliance with license agreements and usage restrictions for all software within the SBOM.{CM-10} | |
| The [organization] shall perform software component analysis (a.k.a.origin analysis) for developed or acquired software.{CM-10,CM-10(1),RA-3(1),RA-5,SA-15(7),SI-3,SI-3(10),SR-4(4)} | |
| The [organization] shall maintain a list of suppliers and potential suppliers used, and the products that they supply to include software.{SV-SP-3,SV-SP-4,SV-SP-11}{CM-10,PL-8(2),PM-30,SA-8(9),SA-8(11)} | Ideally you have diversification with suppliers |
| ID | Name | Description | |
|---|---|---|---|