Configuration Management (CM)
Update the inventory of system components as part of component installations, removals, and system updates.
Configuration Management (CM)
Maintain the currency, completeness, accuracy, and availability of the inventory of system components using [Assignment: organization-defined automated mechanisms].
Configuration Management (CM)
(a) Detect the presence of unauthorized hardware, software, and firmware components within the system using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency]; and (b) Take the following actions when unauthorized components are detected: [Selection (one or more): disable network access by such components; isolate the components; notify [Assignment: organization-defined personnel or roles]].
Configuration Management (CM)
Include in the system component inventory information, a means for identifying by [Selection (one or more): name; position; role], individuals responsible and accountable for administering those components.
Configuration Management (CM)
[Withdrawn: Incorporated into CM-4.]
Configuration Management (CM)
Include assessed component configurations and any approved deviations to current deployed configurations in the system component inventory.
Configuration Management (CM)
Provide a centralized repository for the inventory of system components.
Configuration Management (CM)
Support the tracking of system components by geographic location using [Assignment: organization-defined automated mechanisms].
Configuration Management (CM)
(a) Assign system components to a system; and (b) Receive an acknowledgement from [Assignment: organization-defined personnel or roles] of this assignment.
Configuration Management (CM)
Level N/A
Develop, document, and implement a configuration management plan for the system that: a. Addresses roles, responsibilities, and configuration management processes and procedures; b. Establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items; c. Defines the configuration items for the system and places the configuration items under configuration management; d. Is reviewed and approved by [Assignment: organization-defined personnel or roles]; and e. Protects the configuration management plan from unauthorized disclosure and modification.
