Skip to main content

💼 CM-5 Access Restrictions for Change (L)(M)(H)

  • Contextual name: 💼 CM-5 Access Restrictions for Change (L)(M)(H)
  • ID: /frameworks/fedramp-moderate-security-controls/cm/05
  • Located in: 💼 Configuration Management

Description

Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

Similar

  • Sections
    • /frameworks/fedramp-high-security-controls/cm/05
  • Internal
    • ID: dec-c-c3c6e693

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 FedRAMP High Security Controls → 💼 CM-5 Access Restrictions for Change (L)(M)(H)21416

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags
💼 CM-5(1) Automated Access Enforcement and Audit Records (M)(H)8
💼 CM-5(5) Privilege Limitation for Production and Operation (M)(H)1

Policies (8)

PolicyLogic CountFlags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢1🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢1🟢 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟢1🟠 x1, 🟢 x6
📝 Azure App Service Authentication is disabled and Basic Authentication is enabled 🟢1🟢 x6
📝 Azure App Service Basic Authentication is enabled 🟢🟢 x3
📝 Azure App Service does not run the latest Java version 🟢🟢 x3
📝 Azure App Service does not run the latest PHP version 🟢🟢 x3
📝 Azure App Service does not run the latest Python version 🟢🟢 x3