Audit and Accountability (AU)
Level 2
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
Audit and Accountability (AU)
Level 2
Limit management of audit logging functionality to a subset of privileged users.
Configuration Management (CM)
Level 2
Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
Configuration Management (CM)
Establish and enforce security configuration settings for information technology products employed in organizational systems.
Configuration Management (CM)
Level 2
Track, review, approve or disapprove, and log changes to organizational systems.
Configuration Management (CM)
Level 2
Analyze the security impact of changes prior to implementation.
Configuration Management (CM)
Level 2
Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.
Configuration Management (CM)
Level 2
Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
Configuration Management (CM)
Level 2
Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.
Configuration Management (CM)
Level 2
Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.
