💼 CM-2 Baseline Configuration (L)(M)(H)

  • Contextual name: 💼 CM-2 Baseline Configuration (L)(M)(H)
  • ID: /frameworks/fedramp-moderate-security-controls/cm/02
  • Located in: 💼 Configuration Management

Description

a. Develop, document, and maintain under configuration control, a current baseline configuration of the system; and

b. Review and update the baseline configuration of the system:

  1. [FedRAMP Assignment: at least annually and when a significant change occurs];

  2. When required due to [FedRAMP Assignment: to include when directed by the JAB]; and

  3. When system components are installed or upgraded.

CM-2 Additional FedRAMP Requirements and Guidance:

(b) (1) Guidance: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

Similar

  • Sections
    • /frameworks/fedramp-high-security-controls/cm/02
  • Internal
    • ID: dec-c-aa2b018a

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 CM-2 Baseline Configuration (L)(M)(H) 3124

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 CM-2(2) Automation Support for Accuracy and Currency (M)(H) 14
💼 CM-2(3) Retention of Previous Configurations (M)(H) 1
💼 CM-2(7) Configure Systems and Components for High-risk Areas (M)(H)

Policies (23)

Policy | Logic Count | Flags
AWS Account Alternate Contact Information is not current 🔴 🟢 🔴 x1, 🟢 x3
AWS API Gateway API Route Authorization Type is not configured 🟢 1 🟢 x6
AWS CloudFront Web Distribution uses Dedicated IP for SSL 🟢 1 🟢 x6
AWS EC2 Auto Scaling Group Launch Template is not configured to require IMDSv2 🟢 1 🟢 x6
AWS EC2 Auto Scaling Group uses Launch Configuration instead of Launch Template 🟢 1 🟢 x6
AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢 1 🟢 x6
AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted CIFS traffic 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted FTP traffic 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted RPC traffic 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted SMTP traffic 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted traffic to MySQL 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟢 1 🟢 x6
AWS EC2 Security Group allows unrestricted Telnet traffic 🟢 1 🟢 x6
AWS VPC Network ACL exposes admin ports to public internet ports 🟢 1 🟢 x6
Google Cloud DNS Managed Zone DNSSEC is not enabled 🟢 1 🟢 x6
Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 🟢 1 🟢 x6
Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 🟢 1 🟢 x6
Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢 1 🟢 x6
Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢 1 🟢 x6
Google Cloud SQL Server Instance user options Database Flag is configured 🟢 1 🟢 x6
Google Project has a legacy network 🟢 1 🟢 x6