Skip to main content

💼 CM-5 Access Restrictions for Change (L)(M)(H)

  • Contextual name: 💼 CM-5 Access Restrictions for Change (L)(M)(H)
  • ID: /frameworks/fedramp-high-security-controls/cm/05
  • Located in: 💼 Configuration Management

Description

Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

Similar

  • Sections
    • /frameworks/nist-sp-800-53-r5/cm/05
  • Internal
    • ID: dec-c-c3c6e693

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST SP 800-53 Revision 5 → 💼 CM-5 Access Restrictions for Change7

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 FedRAMP Low Security Controls → 💼 CM-5 Access Restrictions for Change (L)(M)(H)8
💼 FedRAMP Moderate Security Controls → 💼 CM-5 Access Restrictions for Change (L)(M)(H)216

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags
💼 CM-5(1) Automated Access Enforcement and Audit Records (M)(H)78
💼 CM-5(5) Privilege Limitation for Production and Operation (M)(H)11

Policies (8)

PolicyLogic CountFlags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢1🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢1🟢 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟢1🟠 x1, 🟢 x6
📝 Azure App Service Authentication is disabled and Basic Authentication is enabled 🟢1🟢 x6
📝 Azure App Service Basic Authentication is enabled 🟢🟢 x3
📝 Azure App Service does not run the latest Java version 🟢🟢 x3
📝 Azure App Service does not run the latest PHP version 🟢🟢 x3
📝 Azure App Service does not run the latest Python version 🟢🟢 x3

Internal Rules

RulePoliciesFlags
✉️ dec-x-157aa4b91
✉️ dec-x-879aa9961
✉️ dec-x-215302da1
✉️ dec-x-a20e54a01
✉️ dec-x-ab7fc52e1
✉️ dec-x-ca52f63a2
✉️ dec-x-f82b98491