Configuration Management (CM)

Configuration Management (CM)

1. CM-1 – Configuration Management Policy and Procedures

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

2. CM-2 – Baseline Configuration

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-2(1) – Baseline Configuration: Reviews & Updates

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

3. CM-3 – Configuration Change Control

Program Frequency:



1. 
   Reviews proposed configuration-controlled changes to the information system and approves or disapproves such changes with explicit consideration for security impact analyses
   

2. 
   Documents configuration change decisions associated with the information system
   

3. 
   Implements approved configuration-controlled changes to the information system
   

4. 
   Retains records of configuration-controlled changes to the information system for the life of the system
   

5. 
   Audits and reviews activities associated with configuration-controlled changes to the information system
   

6. 
   Coordinate and provide oversight for configuration change control activities through establishment of a group of individuals with the collective responsibility and authority to review and approve proposed changes to the IS that convenes as defined in the local SSP and when there is a significant change to the system or the environment in which the system operates. This could be a function overseen only by the ISSM and/or ISSO/AO.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-3(4) – Configuration Change Control: Security Representative

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-3(6) – Configuration Change Control: Cryptography Management

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

4. CM-4 – Security Impact Analysis

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

5. CM-5 – Access Restrictions for Change

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-5(5) – Access Restrictions for Change: Limit Production/Operational Privileges

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-5(6) – Access Restrictions for Change: Limit Library Privileges

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

6. CM-6 – Configuration Settings

Program Frequency:



1. 
   Implements the configuration settings
   

2. 
   Identifies, documents, and approves any deviations from established configuration settings for all configurable IS components based on mission requirements
   

3. 
   Develop, document, monitors and control changes to the configuration settings in accordance with organizational policies and procedures.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

7. CM-7 – Least Functionality

Program Frequency:



1. 
   Prohibits or restricts the use of ports, protocols, and services using least functionality. Ports will be denied access by default, and allow access by exception as documented in the system security plan.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-7(1) – Least Functionality: Periodic Review

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-7(2) – Least Functionality: Prevent Program Execution

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-7(3) – Least Functionality: Registration Compliance

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-7(5) – Least Functionality: Authorized Software/Whitelisting

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

8. CM-8 – Information System Component Inventory

Program Frequency:



1. 
   Reviews and updates the information system component inventory whenever a change is made to the inventory
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-8(2) – Information System Component Inventory: Automated Maintenance

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-8(3) – Information System Component Inventory: Automated Unauthorized Component Detection

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

9. CM-9 – Configuration Management Plan

Program Frequency:



Establishes a process for identifying configuration items throughout the system development life cycle

Click here to enter text.

Defines the configuration items for the information system and places the configuration items under configuration management;

Click here to enter text.

Protects the configuration management plan from unauthorized disclosure and modification;

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

10. CM-10 – Software Usage Restrictions

Program Frequency:



1. 
   Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution
   

2. 
   Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for unauthorized distribution, display, performance, or reproduction of copyrighted work.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-10(1) – Software Usage Restrictions: Open Source Software

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

11. CM-11 – User Installed Software

Program Frequency:



1. 
   Define and document the methods employed to enforce the installation policies either through system configuration settings or manual oversight
   

2. 
   Monitors policy compliance at the approved continuous monitoring interval quarterly.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CM-11(2) – User Installed Software: Prohibit Installation with Privileged Status

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

7. 
   
   Directory: documents
   documents -> Concept stage
   documents -> Concept stage
   documents -> The great global switch-off
   documents -> Nonprofit grant application
   documents -> The Truth about the Rwandan Genocide
   documents -> Annual InStructional unit plan
   documents -> Chaos equipment included
   
   
   
   Download 0.65 Mb.
   
   Share with your friends: