This objective requires your organization to identify and document the technical controls in place to prevent unauthorized or unapproved software from executing, particularly on systems that store or process Controlled Unclassified Information (CUI).