💼 CM-9 Configuration Management Plan (M)(H)
- ID:
/frameworks/fedramp-high-security-controls/cm/09
Description
Develop, document, and implement a configuration management plan for the system that:
a. Addresses roles, responsibilities, and configuration management processes and procedures;
b. Establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items;
c. Defines the configuration items for the system and places the configuration items under configuration management;
d. Is reviewed and approved by [Assignment: organization-defined personnel or roles]; and
e. Protects the configuration management plan from unauthorized disclosure and modification.
CM-9 Additional FedRAMP Requirements and Guidance:
Guidance: FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide.
Similar
- Sections
/frameworks/nist-sp-800-53-r5/cm/09
- Internal
- ID:
dec-c-d0487a4e
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 CM-9 Configuration Management Plan | 1 | 8 | no data |
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP Moderate Security Controls → 💼 CM-9 Configuration Management Plan (M)(H) | 8 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (8)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ Google Cloud DNS Managed Zone DNSSEC is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Project has a default network🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Project has a legacy network🟢 | 1 | 🟢 x6 | no data |