Configuration Management (CM)
Assign responsibility for developing the configuration management process to organizational personnel that are not directly involved in system development.
Configuration Management (CM)
Level N/A
a. Use software and associated documentation in accordance with contract agreements and copyright laws; b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Configuration Management (CM)
Establish the following restrictions on the use of open-source software: [Assignment: organization-defined restrictions].
Configuration Management (CM)
Level N/A
a. Establish [Assignment: organization-defined policies] governing the installation of software by users; b. Enforce software installation policies through the following methods: [Assignment: organization-defined methods]; and c. Monitor policy compliance [Assignment: organization-defined frequency].
Configuration Management (CM)
[Withdrawn: Incorporated into CM-8.]
Configuration Management (CM)
Allow user installation of software only with explicit privileged status.
Configuration Management (CM)
Enforce and monitor compliance with software installation policies using [Assignment: organization-defined automated mechanisms].
Configuration Management (CM)
Level N/A
a. Identify and document the location of [Assignment: organization-defined information] and the specific system components on which the information is processed and stored; b. Identify and document the users who have access to the system and system components where the information is processed and stored; and c. Document changes to the location (i.e., system or system components) where the information is processed and stored.
Configuration Management (CM)
Use automated tools to identify [Assignment: organization-defined information by information type] on [Assignment: organization-defined system components] to ensure controls are in place to protect organizational information and individual privacy.
Configuration Management (CM)
Level N/A
Develop and document a map of system data actions.
