Overview:
The organization reviews and updates the baseline configuration of the information system:
(a) [Assignment: organization-defined frequency];
(b) When required due to [Assignment organization-defined circumstances]; and
(c) As an integral part of information system component installations and upgrades.
Supplemental Guidance:
Related control: CM-5.
Action Items:
1) Establish and maintain a baseline for information systems
2) Review and update the baseline on a regular basis
Related Documents:
1) Secure Systems Configuration Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
CM-2 (1) (a) [at least annually or when a significant change occurs]
CM-2 (1) (b) [to include when directed by the JAB]
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 642
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/reviews-and-updates-cm-2-1-642.html