Overview:
The information system enforces access restrictions and supports auditing of the enforcement actions.
Related controls: AU-2, AU-12, AU-6, CM-3, CM-6.
Action Items:
1) Ensure only qualified personnel can implement changes
2) Ensure systems create audit logs of changes
Related Documents:
1) Secure Systems Configuration Policy
2) Change Management Policy
3) Access Control Policy
4) Logging and Monitoring Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 649
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/automated-access-enforcement-and-auditing-cm-5-1-649.html