Skip to main content

๐Ÿ’ผ CM CONFIGURATION MANAGEMENT

  • Contextual name: ๐Ÿ’ผ CM CONFIGURATION MANAGEMENT
  • ID: /frameworks/nist-sp-800-53-r4/cm
  • Located in: ๐Ÿ’ผ NIST SP 800-53 Revision 4

Descriptionโ€‹

Empty...

Similarโ€‹

  • Internal
    • ID: dec-b-f508c0d7

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlags
๐Ÿ’ผ CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES
๐Ÿ’ผ CM-2 BASELINE CONFIGURATION711
    ๐Ÿ’ผ CM-2 (1) REVIEWS AND UPDATES
    ๐Ÿ’ผ CM-2 (2) AUTOMATION SUPPORT FOR ACCURACY _ CURRENCY
    ๐Ÿ’ผ CM-2 (3) RETENTION OF PREVIOUS CONFIGURATIONS
    ๐Ÿ’ผ CM-2 (4) UNAUTHORIZED SOFTWARE
    ๐Ÿ’ผ CM-2 (5) AUTHORIZED SOFTWARE
    ๐Ÿ’ผ CM-2 (6) DEVELOPMENT AND TEST ENVIRONMENTS
    ๐Ÿ’ผ CM-2 (7) CONFIGURE SYSTEMS, COMPONENTS, OR DEVICES FOR HIGH-RISK AREAS
๐Ÿ’ผ CM-3 CONFIGURATION CHANGE CONTROL6
    ๐Ÿ’ผ CM-3 (1) AUTOMATED DOCUMENT _ NOTIFICATION _ PROHIBITION OF CHANGES
    ๐Ÿ’ผ CM-3 (2) TEST _ VALIDATE _ DOCUMENT CHANGES
    ๐Ÿ’ผ CM-3 (3) AUTOMATED CHANGE IMPLEMENTATION
    ๐Ÿ’ผ CM-3 (4) SECURITY REPRESENTATIVE
    ๐Ÿ’ผ CM-3 (5) AUTOMATED SECURITY RESPONSE
    ๐Ÿ’ผ CM-3 (6) CRYPTOGRAPHY MANAGEMENT
๐Ÿ’ผ CM-4 SECURITY IMPACT ANALYSIS2
    ๐Ÿ’ผ CM-4 (1) SEPARATE TEST ENVIRONMENTS
    ๐Ÿ’ผ CM-4 (2) VERIFICATION OF SECURITY FUNCTIONS
๐Ÿ’ผ CM-5 ACCESS RESTRICTIONS FOR CHANGE7
    ๐Ÿ’ผ CM-5 (1) AUTOMATED ACCESS ENFORCEMENT _ AUDITING
    ๐Ÿ’ผ CM-5 (2) REVIEW SYSTEM CHANGES
    ๐Ÿ’ผ CM-5 (3) SIGNED COMPONENTS
    ๐Ÿ’ผ CM-5 (4) DUAL AUTHORIZATION
    ๐Ÿ’ผ CM-5 (5) LIMIT PRODUCTION _ OPERATIONAL PRIVILEGES
    ๐Ÿ’ผ CM-5 (6) LIMIT LIBRARY PRIVILEGES
    ๐Ÿ’ผ CM-5 (7) AUTOMATIC IMPLEMENTATION OF SECURITY SAFEGUARDS
๐Ÿ’ผ CM-6 CONFIGURATION SETTINGS411
    ๐Ÿ’ผ CM-6 (1) AUTOMATED CENTRAL MANAGEMENT _ APPLICATION _ VERIFICATION
    ๐Ÿ’ผ CM-6 (2) RESPOND TO UNAUTHORIZED CHANGES
    ๐Ÿ’ผ CM-6 (3) UNAUTHORIZED CHANGE DETECTION
    ๐Ÿ’ผ CM-6 (4) CONFORMANCE DEMONSTRATION
๐Ÿ’ผ CM-7 LEAST FUNCTIONALITY545
    ๐Ÿ’ผ CM-7 (1) PERIODIC REVIEW34
    ๐Ÿ’ผ CM-7 (2) PREVENT PROGRAM EXECUTION
    ๐Ÿ’ผ CM-7 (3) REGISTRATION COMPLIANCE
    ๐Ÿ’ผ CM-7 (4) UNAUTHORIZED SOFTWARE _ BLACKLISTING
    ๐Ÿ’ผ CM-7 (5) AUTHORIZED SOFTWARE _ WHITELISTING
๐Ÿ’ผ CM-8 INFORMATION SYSTEM COMPONENT INVENTORY912
    ๐Ÿ’ผ CM-8 (1) UPDATES DURING INSTALLATIONS _ REMOVALS
    ๐Ÿ’ผ CM-8 (2) AUTOMATED MAINTENANCE
    ๐Ÿ’ผ CM-8 (3) AUTOMATED UNAUTHORIZED COMPONENT DETECTION
    ๐Ÿ’ผ CM-8 (4) ACCOUNTABILITY INFORMATION
    ๐Ÿ’ผ CM-8 (5) NO DUPLICATE ACCOUNTING OF COMPONENTS
    ๐Ÿ’ผ CM-8 (6) ASSESSED CONFIGURATIONS _ APPROVED DEVIATIONS
    ๐Ÿ’ผ CM-8 (7) CENTRALIZED REPOSITORY
    ๐Ÿ’ผ CM-8 (8) AUTOMATED LOCATION TRACKING
    ๐Ÿ’ผ CM-8 (9) ASSIGNMENT OF COMPONENTS TO SYSTEMS
๐Ÿ’ผ CM-9 CONFIGURATION MANAGEMENT PLAN1
    ๐Ÿ’ผ CM-9 (1) ASSIGNMENT OF RESPONSIBILITY
๐Ÿ’ผ CM-10 SOFTWARE USAGE RESTRICTIONS1
    ๐Ÿ’ผ CM-10 (1) OPEN SOURCE SOFTWARE
๐Ÿ’ผ CM-11 USER-INSTALLED SOFTWARE2
    ๐Ÿ’ผ CM-11 (1) ALERTS FOR UNAUTHORIZED INSTALLATIONS
    ๐Ÿ’ผ CM-11 (2) PROHIBIT INSTALLATION WITHOUT PRIVILEGED STATUS