Skip to content
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.

Admin - Security CM-03/4/5/8/9 - Security Impact Analysis #262

Closed
1 task
gggrant opened this issue Jul 26, 2018 · 3 comments
Closed
1 task

Admin - Security CM-03/4/5/8/9 - Security Impact Analysis #262

gggrant opened this issue Jul 26, 2018 · 3 comments
Assignees
@gobyrne

Comments

@gggrant
Copy link
Contributor

gggrant commented Jul 26, 2018
edited by gobyrne
Loading

Description

Document process for making changes to config files, who approves, how we analyze impact

CM-03
Configuration change control. How to approve and implement changes to the configuration.

CM-04
(A) The organization analyzes changes to the information system to determine potential security impacts prior to change implementation.

CM-05
(A) The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.

CM-08
(A) The organization develops and documents an inventory of information system components that accurately reflects the current information system.(B) The organization develops and documents an inventory of information system components that includes all components within the authorization boundary of the information system.(C) The organization develops and documents an inventory of information system components that is at the level of granularity deemed necessary for tracking and reporting.(D) The organization develops and documents an inventory of information system components that includes [Assignment: organization-defined information deemed necessary to achieve effective information system component accountability].(E) The organization reviews and updates the information system component inventory [Assignment: organization-defined frequency].

CM-09
(A) The organization develops, documents, and implements a configuration management plan for the information system that addresses roles, responsibilities, and configuration management processes and procedures.(B) The organization develops, documents, and implements a configuration management plan for the information system that establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items.(C) The organization develops, documents, and implements a configuration management plan for the information system that defines the configuration items for the information system and places the configuration items under configuration management; and(D) The organization develops, documents, and implements a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.

Required for Completion

  • Documentation
@gggrant gggrant changed the title Admin - Security CM-04/5 - Security Impact Analysis Admin - Security CM-04/5/8/9 - Security Impact Analysis Jul 26, 2018
@gobyrne gobyrne self-assigned this Aug 14, 2018
@gobyrne gobyrne changed the title Admin - Security CM-04/5/8/9 - Security Impact Analysis Admin - Security CM-03/4/5/8/9 - Security Impact Analysis Aug 15, 2018
@gobyrne
Copy link
Member

gobyrne commented Aug 15, 2018

Create configuration management plan in GitHub

@gobyrne
Copy link
Member

gobyrne commented Sep 25, 2018

Will be done as part of the assessment - led be TBS.

@gobyrne
Copy link
Member

gobyrne commented Sep 25, 2018

Can start with VA scan and TRA recommendations

@gggrant gggrant closed this as completed Oct 17, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@gobyrne gobyrne

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gobyrne @gggrant