Automated Access, Enforcement and Auditing CM-5(1)

Overview:
The information system enforces access restrictions and supports auditing of the enforcement actions.

Related controls: AU-2, AU-12, AU-6, CM-3, CM-6.

Action Items:
1) Ensure only qualified personnel can implement changes

2) Ensure systems create audit logs of changes

Related Documents:
1) Secure Systems Configuration Policy

2) Change Management Policy

3) Access Control Policy

4) Logging and Monitoring Policy

Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none

Moderate Additional FedRAMP Requirements and Guidance
none