| 💼 CM-1 Policy and Procedures (L)(M)(H) | | | 3 | | no data |
| 💼 CM-2 Baseline Configuration (L)(M)(H) | 3 | | 28 | | no data |
|  💼 CM-2(2) Automation Support for Accuracy and Currency (M)(H) | | | 16 | | no data |
|  💼 CM-2(3) Retention of Previous Configurations (M)(H) | | | 1 | | no data |
|  💼 CM-2(7) Configure Systems and Components for High-risk Areas (M)(H) | | | | | no data |
| 💼 CM-3 Configuration Change Control (M)(H) | 2 | | 19 | | no data |
|  💼 CM-3(2) Testing, Validation, and Documentation of Changes (M)(H) | | | | | no data |
|  💼 CM-3(4) Security and Privacy Representatives (M)(H) | | | | | no data |
| 💼 CM-4 Impact Analyses (L)(M)(H) | 1 | | | | no data |
|  💼 CM-4(2) Verification of Controls (M)(H) | | | | | no data |
| 💼 CM-5 Access Restrictions for Change (L)(M)(H) | 2 | | 16 | | no data |
|  💼 CM-5(1) Automated Access Enforcement and Audit Records (M)(H) | | | 8 | | no data |
|  💼 CM-5(5) Privilege Limitation for Production and Operation (M)(H) | | | 1 | | no data |
| 💼 CM-6 Configuration Settings (L)(M)(H) | 1 | | 12 | | no data |
|  💼 CM-6(1) Automated Management, Application, and Verification (M)(H) | | | 1 | | no data |
| 💼 CM-7 Least Functionality (L)(M)(H) | 3 | | 33 | | no data |
|  💼 CM-7(1) Periodic Review (M)(H) | | | 12 | | no data |
|  💼 CM-7(2) Prevent Program Execution (M)(H) | | | | | no data |
|  💼 CM-7(5) Authorized Software — Allow-by-exception (M)(H) | | | | | no data |
| 💼 CM-8 System Component Inventory (L)(M)(H) | 2 | | 5 | | no data |
|  💼 CM-8(1) Updates During Installation and Removal (M)(H) | | | 2 | | no data |
|  💼 CM-8(3) Automated Unauthorized Component Detection (M)(H) | | | 1 | | no data |
| 💼 CM-9 Configuration Management Plan (M)(H) | | | 8 | | no data |
| 💼 CM-10 Software Usage Restrictions (L)(M)(H) | | | | | no data |
| 💼 CM-11 User-installed Software (L)(M)(H) | | | 4 | | no data |
| 💼 CM-12 Information Location (M)(H) | 1 | | | | no data |
|  💼 CM-12(1) Automated Tools to Support Information Location (M)(H) | | | | | no data |