Skip to main content

πŸ’Ό CM-2 BASELINE CONFIGURATION

  • Contextual name: πŸ’Ό CM-2 BASELINE CONFIGURATION
  • ID: /frameworks/nist-sp-800-53-r4/cm/02
  • Located in: πŸ’Ό CM CONFIGURATION MANAGEMENT

Description​

The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system.

Similar​

  • Internal
    • ID: dec-c-34e248a1

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed1011
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.DS-7: The development and testing environment(s) are separate from the production environment1
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)414

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CM-2 (1) REVIEWS AND UPDATES
πŸ’Ό CM-2 (2) AUTOMATION SUPPORT FOR ACCURACY _ CURRENCY
πŸ’Ό CM-2 (3) RETENTION OF PREVIOUS CONFIGURATIONS
πŸ’Ό CM-2 (4) UNAUTHORIZED SOFTWARE
πŸ’Ό CM-2 (5) AUTHORIZED SOFTWARE
πŸ’Ό CM-2 (6) DEVELOPMENT AND TEST ENVIRONMENTS
πŸ’Ό CM-2 (7) CONFIGURE SYSTEMS, COMPONENTS, OR DEVICES FOR HIGH-RISK AREAS

Policies (1)​

PolicyLogic CountFlags
πŸ“ AWS S3 Bucket Versioning is not enabled 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-2a9e52551