CMMC Practice CM.2.063: Control and monitor user-installed software.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
You should limit installed software to items that the organization approved. Users willinstall software that creates unnecessary risk. This risk applies both to the machine and to the larger operating environment. You should control the software users can install. You should put in place policies and technical controls that can reduce risk to the organization.