Overview: The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system. Supplemental Guidance: Any changes to the hardware, software, and/or firmware components...
Configuration Management (CM)
Overview: The organization: (a) Identifies [Assignment: organization-defined software programs authorized to execute on the information system]; (b) Employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on...
Overview: The information system enforces access restrictions and supports auditing of the enforcement actions. Related controls: AU-2, AU-12, AU-6, CM-3, CM-6. Action Items: 1) Ensure only qualified personnel can implement changes 2) Ensure systems...
Overview: The organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for [Assignment: organization-defined information system components]. Supplemental Guidance: Related controls: CA-7, CM-4. Action...
Overview: The organization: (a) Employs automated mechanisms [Assignment: organization-defined frequency] to detect the presence of unauthorized hardware, software, and firmware components within the information system; and (b) Takes the following...
Overview: The organization employs automated mechanisms to maintain an up-to-date, complete, accurate, and readily available baseline configuration of the information system. Supplemental Guidance: Automated mechanisms that help organizations maintain...
Overview: The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system. Supplemental Guidance: This control establishes baseline configurations for information systems and...
Overview: The organization: a. Determines the types of changes to the information system that are configuration-controlled; b. Reviews proposed configuration-controlled changes to the information system and approves or disapproves such changes with...
Overview: The organization develops, documents, and implements a configuration management plan for the information system that: a. Addresses roles, responsibilities, and configuration management processes and procedures; b. Establishes a process for...
Overview: The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment,...