πΌ CM-9 Configuration Management Plan (M)(H)
- Contextual name: πΌ CM-9 Configuration Management Plan (M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/cm/09 - Located in: πΌ Configuration Management
Descriptionβ
Develop, document, and implement a configuration management plan for the system that:
a. Addresses roles, responsibilities, and configuration management processes and procedures;
b. Establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items;
c. Defines the configuration items for the system and places the configuration items under configuration management;
d. Is reviewed and approved by [Assignment: organization-defined personnel or roles]; and
e. Protects the configuration management plan from unauthorized disclosure and modification.
CM-9 Additional FedRAMP Requirements and Guidance:
Guidance: FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide.
Similarβ
- Sections
/frameworks/fedramp-high-security-controls/cm/09
- Internal
- ID:
dec-c-d0487a4e
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ CM-9 Configuration Management Plan (M)(H) |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|