πΌ CM-2 Baseline Configuration (L)(M)(H)
- Contextual name: πΌ CM-2 Baseline Configuration (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/cm/02 - Located in: πΌ Configuration Management
Descriptionβ
a. Develop, document, and maintain under configuration control, a current baseline configuration of the system; and
b. Review and update the baseline configuration of the system:
-
[FedRAMP Assignment: at least annually and when a significant change occurs];
-
When required due to [FedRAMP Assignment: to include when directed by the JAB]; and
-
When system components are installed or upgraded.
CM-2 Additional FedRAMP Requirements and Guidance:
(b) (1) Guidance: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/cm/02
- Internal
- ID:
dec-c-aa2b018a
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ CM-2 Baseline Configuration | 7 | 13 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ CM-2 Baseline Configuration (L)(M)(H) | 13 | |||
| πΌ FedRAMP Moderate Security Controls β πΌ CM-2 Baseline Configuration (L)(M)(H) | 3 | 14 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CM-2(2) Automation Support for Accuracy and Currency (M)(H) | 13 | |||
| πΌ CM-2(3) Retention of Previous Configurations (M)(H) | 1 | 1 | ||
| πΌ CM-2(7) Configure Systems and Components for High-risk Areas (M)(H) |