Overview: Define, document, approve, and enforce physical and logical access restrictions associated with changes to the information system. Action Items: 3.4.5[a] Determine if: physical access restrictions associated with changes to the system are...
Configuration Management
Overview: Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. Action Items: 3.4.1[a...
Overview: Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. Action Items: 3.4.8[a] Determine if: a policy...
Overview: Track, review, approve/disapprove, and audit changes to information systems. Action Items: 3.4.3[a] Determine if: changes to the system are tracked. 3.4.3[b] Determine if: changes to the system are reviewed. 3.4.3[c] Determine if: changes to the...
Overview: Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols, and services. Action Items: 3.4.7[a] Determine if: essential programs are defined. 3.4.7[b] Determine if: the use of nonessential programs is defined....
Overview: Employ the principle of least functionality by configuring the information system to provide only essential capabilities. Action Items: 3.4.6[a] Determine if: essential system capabilities are defined based on the principle of least...
Overview: Establish and enforce security configuration settings for information technology products employed in organizational information systems. Action Items: 3.4.2[a] Determine if: security configuration settings for information technology products...
Overview: Analyze the security impact of changes prior to implementation. Action Items: 3.4.4[a] Determine if: the security impact of changes to the system is analyzed prior to implementation. POTENTIAL ASSESSMENT METHODS AND OBJECTS 1Examine:...
Overview: Control and monitor user-installed software. Action Items: 3.4.9[a] Determine if: a policy for controlling the installation of software by users is established. 3.4.9[b] Determine if: installation of software by users is controlled based on the...