Skip to main content

πŸ’Ό CM-5 Access Restrictions for Change (L)(M)(H)

  • Contextual name: πŸ’Ό CM-5 Access Restrictions for Change (L)(M)(H)
  • ID: /frameworks/fedramp-high-security-controls/cm/05
  • Located in: πŸ’Ό Configuration Management

Description​

Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r5/cm/05
  • Internal
    • ID: dec-c-c3c6e693

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CM-5 Access Restrictions for Change7

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό CM-5 Access Restrictions for Change (L)(M)(H)8
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό CM-5 Access Restrictions for Change (L)(M)(H)217

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CM-5(1) Automated Access Enforcement and Audit Records (M)(H)89
πŸ’Ό CM-5(5) Privilege Limitation for Production and Operation (M)(H)11

Policies (8)​

PolicyLogic CountFlags
πŸ“ AWS Account IAM Access Analyzer is not enabled for all regions 🟒1🟒 x6
πŸ“ AWS IAM Policy allows full administrative privileges 🟒1🟒 x6
πŸ“ AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟒1🟠 x1, 🟒 x6
πŸ“ Azure App Service Authentication is disabled and Basic Authentication is enabled 🟒1🟒 x6
πŸ“ Azure App Service Basic Authentication is enabled 🟒🟒 x3
πŸ“ Azure App Service does not run the latest Java version 🟒🟒 x3
πŸ“ Azure App Service does not run the latest PHP version 🟒🟒 x3
πŸ“ Azure App Service does not run the latest Python version 🟒🟒 x3

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-157aa4b91
βœ‰οΈ dec-x-879aa9961
βœ‰οΈ dec-x-215302da1
βœ‰οΈ dec-x-a20e54a01
βœ‰οΈ dec-x-ab7fc52e1
βœ‰οΈ dec-x-ca52f63a2
βœ‰οΈ dec-x-f82b98491