You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
Document process for making changes to config files, who approves, how we analyze impact
CM-03
Configuration change control. How to approve and implement changes to the configuration.
CM-04
(A) The organization analyzes changes to the information system to determine potential security impacts prior to change implementation.
CM-05
(A) The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.
CM-08
(A) The organization develops and documents an inventory of information system components that accurately reflects the current information system.(B) The organization develops and documents an inventory of information system components that includes all components within the authorization boundary of the information system.(C) The organization develops and documents an inventory of information system components that is at the level of granularity deemed necessary for tracking and reporting.(D) The organization develops and documents an inventory of information system components that includes [Assignment: organization-defined information deemed necessary to achieve effective information system component accountability].(E) The organization reviews and updates the information system component inventory [Assignment: organization-defined frequency].
CM-09
(A) The organization develops, documents, and implements a configuration management plan for the information system that addresses roles, responsibilities, and configuration management processes and procedures.(B) The organization develops, documents, and implements a configuration management plan for the information system that establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items.(C) The organization develops, documents, and implements a configuration management plan for the information system that defines the configuration items for the information system and places the configuration items under configuration management; and(D) The organization develops, documents, and implements a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.
Required for Completion
Documentation
The text was updated successfully, but these errors were encountered:
Description
Document process for making changes to config files, who approves, how we analyze impact
CM-03
Configuration change control. How to approve and implement changes to the configuration.
CM-04
(A) The organization analyzes changes to the information system to determine potential security impacts prior to change implementation.
CM-05
(A) The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.
CM-08
(A) The organization develops and documents an inventory of information system components that accurately reflects the current information system.(B) The organization develops and documents an inventory of information system components that includes all components within the authorization boundary of the information system.(C) The organization develops and documents an inventory of information system components that is at the level of granularity deemed necessary for tracking and reporting.(D) The organization develops and documents an inventory of information system components that includes [Assignment: organization-defined information deemed necessary to achieve effective information system component accountability].(E) The organization reviews and updates the information system component inventory [Assignment: organization-defined frequency].
CM-09
(A) The organization develops, documents, and implements a configuration management plan for the information system that addresses roles, responsibilities, and configuration management processes and procedures.(B) The organization develops, documents, and implements a configuration management plan for the information system that establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items.(C) The organization develops, documents, and implements a configuration management plan for the information system that defines the configuration items for the information system and places the configuration items under configuration management; and(D) The organization develops, documents, and implements a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.
Required for Completion
The text was updated successfully, but these errors were encountered: