πΌ CM-6 Configuration Settings
- Contextual name: πΌ CM-6 Configuration Settings
- ID:
/frameworks/nist-sp-800-53-r5/cm/06 - Located in: πΌ CM Configuration Management
Descriptionβ
a. Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using [Assignment: organization-defined common secure configurations]; b. Implement the configuration settings; c. Identify, document, and approve any deviations from established configuration settings for [Assignment: organization-defined system components] based on [Assignment: organization-defined operational requirements]; and d. Monitor and control changes to the configuration settings in accordance with organizational policies and procedures.
Similarβ
- Internal
- ID:
dec-c-3ceaf422
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ CM-6 Configuration Settings (L)(M)(H) | 2 | 12 | ||
| πΌ FedRAMP Low Security Controls β πΌ CM-6 Configuration Settings (L)(M)(H) | 11 | |||
| πΌ NIST CSF v2.0 β πΌ DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events | 134 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CM-6(1) Configuration Settings _ Automated Management, Application, and Verification | 1 | |||
| πΌ CM-6(2) Configuration Settings _ Respond to Unauthorized Changes | ||||
| πΌ CM-6(3) Configuration Settings _ Unauthorized Change Detection | ||||
| πΌ CM-6(4) Configuration Settings _ Conformance Demonstration |
Policies (11)β
| Policy | Logic Count | Flags |
|---|---|---|
| π Google Cloud DNS Managed Zone DNSSEC is not enabled π’ | 1 | π’ x6 |
| π Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 π’ | 1 | π’ x6 |
| π Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 π’ | 1 | π’ x6 |
| π Google Cloud MySQL Instance Local_infile Database Flag is not set to off π’ | 1 | π’ x6 |
| π Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on π’ | 1 | π’ x6 |
| π Google Cloud SQL Server Instance remote access Database Flag is not set to off π’ | 1 | π’ x6 |
| π Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value π’ | 1 | π’ x6 |
| π Google Cloud SQL Server Instance user options Database Flag is configured π’ | 1 | π’ x6 |
| π Google GCE Instance Enable Connecting to Serial Ports is not disabled π’ | 1 | π’ x6 |
| π Google Project has a default network π’ | 1 | π’ x6 |
| π Google Project has a legacy network π’ | 1 | π’ x6 |