Overview
System libraries are managed and maintained to protect privileged programs and to prevent or minimize the introduction of unauthorized code.
Threat
Without appropriate library management controls, unauthorized code can be added to information systems, whether intentionally or inadvertently. Software versioning, access rights, and similar controls all work toward maintaining a known configuration.
Guidance
1. Libraries shall be controlled by the CCB.
2. Access to libraries shall be restricted to a minimum number of individuals.
3. A library access log shall be maintained, preferably automated.
DoD classifies this control in the subject area of “Security Design and Configuration” with an impact of “Medium”.