💼 CM-9 Configuration Management Plan (M)(H)
- Contextual name: 💼 CM-9 Configuration Management Plan (M)(H)
- ID:
/frameworks/fedramp-high-security-controls/cm/09 - Located in: 💼 Configuration Management
Description
Develop, document, and implement a configuration management plan for the system that:
a. Addresses roles, responsibilities, and configuration management processes and procedures;
b. Establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items;
c. Defines the configuration items for the system and places the configuration items under configuration management;
d. Is reviewed and approved by [Assignment: organization-defined personnel or roles]; and
e. Protects the configuration management plan from unauthorized disclosure and modification.
CM-9 Additional FedRAMP Requirements and Guidance:
Guidance: FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide.
Similar
- Sections
/frameworks/nist-sp-800-53-r5/cm/09
- Internal
- ID:
dec-c-d0487a4e
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 CM-9 Configuration Management Plan | 1 | 8 |
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 FedRAMP Moderate Security Controls → 💼 CM-9 Configuration Management Plan (M)(H) | 8 |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|