CM-10: Software Usage Restrictions

NIST Baseline:  Low 

DIR Required By:  01/20/2023 

TAMUS Required By:  08/01/2022 

Review Date:  06/26/2024 

• The information resource owner, or designee, shall: 
  • Ensure software and associated documentation is used in accordance with contract agreements, Texas A&M University System (TAMUS) Regulation 29.01.02, Use of Licensed Software, and U.S. Copyright Laws; 
  • Track the use of site licensed or quantity limited software to ensure compliance with contract agreements, TAMUS Regulation 29.01.02, and U.S. Copyright Laws; and 
  • Understand that unauthorized or unlicensed use of software is regarded as a serious matter subject to disciplinary action.  
• The primary custodian of a computer or other Tarleton-owned asset shall:    
  • Install a software application on a computer only: 
    • With the approval of the primary custodian of the software application; and  
    • If such installation is in accordance with all applicable laws and policies.  
  • Remove from the computer or Tarleton-owned asset any software application that has not gone through appropriate approval processes as determined by the Tarleton Chief Information Security Officer (CISO) and/or violates laws and policies.  

---

References/Additional Resources

Model Security Plan for Prohibited Technologies 

TAMUS Regulation 29.01.02