Skip to main content

💼 CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES

  • Contextual name: 💼 CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES
  • ID: /frameworks/nist-sp-800-53-r4/cm/01
  • Located in: 💼 CM CONFIGURATION MANAGEMENT

Description​

The organization: CM-1a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: CM-1a.1. A configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and CM-1a.2. Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and CM-1b. Reviews and updates the current: CM-1b.1. Configuration management policy [Assignment: organization-defined frequency]; and CM-1b.2. Configuration management procedures [Assignment: organization-defined frequency].

Similar​

  • Internal
    • ID: dec-c-6a375429

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 ID.GV-1: Organizational cybersecurity policy is established and communicated
💼 NIST CSF v1.1 → 💼 ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed13

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags