Reviews and Updates CM-2(1)

Overview:
The organization reviews and updates the baseline configuration of the information system:
(a) [Assignment: organization-defined frequency];
(b) When required due to [Assignment: organization-defined circumstances]; and
(c) As an integral part of information system component installations and upgrades.


Supplemental Guidance:

Related control: CM-5.


Action Items:
1) Establish and maintain a baseline for information systems

2) Review and update the baseline on a regular basis


Related Documents:
1) Secure Systems Configuration Policy


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
CM-2 (1) (a) [at least annually or when a significant change occurs]
CM-2 (1) (b) [to include when directed by the JAB]


Moderate Additional FedRAMP Requirements and Guidance
none