Configuration Management (CM)
Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: [Assignment: organization-defined controls].
Configuration Management (CM)
Review changes to the system [Assignment: organization-defined frequency] or when [Assignment: organization-defined circumstances] to determine whether unauthorized changes have occurred.
Configuration Management (CM)
Prevent or restrict changes to the configuration of the system under the following circumstances: [Assignment: organization-defined circumstances].
Configuration Management (CM)
Level N/A
Analyze changes to the system to determine potential security and privacy impacts prior to change implementation.
Configuration Management (CM)
Analyze changes to the system in a separate test environment before implementation in an operational environment, looking for security and privacy impacts due to flaws, weaknesses, incompatibility, or intentional malice.
Configuration Management (CM)
After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system.
Configuration Management (CM)
Level N/A
Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.
Configuration Management (CM)
(a) Enforce access restrictions using [Assignment: organization-defined automated mechanisms]; and (b) Automatically generate audit records of the enforcement actions.
Configuration Management (CM)
[Withdrawn: Incorporated into CM-7(5).]
Configuration Management (CM)
[Withdrawn: Incorporated into CM-3(7).]
