πΌ CM-8 System Component Inventory (L)(M)(H)
- Contextual name: πΌ CM-8 System Component Inventory (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/cm/08 - Located in: πΌ Configuration Management
Descriptionβ
a. Develop and document an inventory of system components that:
-
Accurately reflects the system;
-
Includes all components within the system;
-
Does not include duplicate accounting of components or components assigned to any other system;
-
Is at the level of granularity deemed necessary for tracking and reporting; and
-
Includes the following information to achieve system component accountability: [Assignment: organization-defined information deemed necessary to achieve effective system component accountability]; and
b. Review and update the system component inventory [FedRAMP Assignment: at least monthly].
CM-8 Additional FedRAMP Requirements and Guidance:
Requirement: must be provided at least monthly or when there is a change.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/cm/08
- Internal
- ID:
dec-c-522d70ef
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ CM-8 System Component Inventory | 9 | 1 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ CM-8 System Component Inventory (L)(M)(H) | 1 | |||
| πΌ FedRAMP Moderate Security Controls β πΌ CM-8 System Component Inventory (L)(M)(H) | 2 | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CM-8(1) Updates During Installation and Removal (M)(H) | ||||
| πΌ CM-8(2) Automated Maintenance (H) | 1 | |||
| πΌ CM-8(3) Automated Unauthorized Component Detection (M)(H) | ||||
| πΌ CM-8(4) Accountability Information (H) |
Policies (1)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Config is not enabled in all regions π’ | 1 | π’ x6 |