Under active development — Content is continuously updated and improved

Home / Frameworks / DoD SRG / CM — Configuration Management

CM — Configuration Management

43 controls in the Configuration Management family

CM-1Policy and Procedures

IL4 ModIL4 HighIL5IL6

CM-2Baseline Configuration

IL4 ModIL4 HighIL5IL6

CM-2(2)Baseline Configuration | Automation Support for Accuracy and Currency

IL4 ModIL4 HighIL5IL6

CM-2(3)Baseline Configuration | Retention of Previous Configurations

IL4 ModIL4 HighIL5IL6

CM-2(7)Baseline Configuration | Configure Systems and Components for High-risk Areas

IL4 ModIL4 HighIL5IL6

CM-3Configuration Change Control

IL4 ModIL4 HighIL5IL6

CM-3(1)Configuration Change Control | Automated Documentation, Notification, and Prohibition of Changes

CM-3(2)Configuration Change Control | Testing, Validation, and Documentation of Changes

IL4 ModIL4 HighIL5IL6

CM-3(4)Configuration Change Control | Security and Privacy Representatives

IL4 ModIL4 HighIL5IL6

CM-3(5)Configuration Change Control | Automated Security Response

CM-3(6)Configuration Change Control | Cryptography Management

CM-3(7)Configuration Change Control | Review System Changes

CM-3(8)Configuration Change Control | Prevent or Restrict Configuration Changes

CM-4Impact Analyses

IL4 ModIL4 HighIL5IL6

CM-4(1)Impact Analyses | Separate Test Environments

CM-4(2)Impact Analyses | Verification of Controls

IL4 ModIL4 HighIL5IL6

CM-5Access Restrictions for Change

IL4 ModIL4 HighIL5IL6

CM-5(1)Access Restrictions for Change | Automated Access Enforcement and Audit Records

IL4 ModIL4 HighIL5IL6

CM-5(5)Access Restrictions for Change | Privilege Limitation for Production and Operation

IL4 ModIL4 HighIL5IL6

CM-5(6)Access Restrictions for Change | Limit Library Privileges

CM-6Configuration Settings

IL4 ModIL4 HighIL5IL6

CM-6(1)Configuration Settings | Automated Management, Application, and Verification

IL4 ModIL4 HighIL5IL6

CM-6(2)Configuration Settings | Respond to Unauthorized Changes

CM-7Least Functionality

IL4 ModIL4 HighIL5IL6

CM-7(1)Least Functionality | Periodic Review

IL4 ModIL4 HighIL5IL6

CM-7(2)Least Functionality | Prevent Program Execution

IL4 ModIL4 HighIL5IL6

CM-7(3)Least Functionality | Registration Compliance

CM-7(5)Least Functionality | Authorized Software -- Allow-by-exception

IL4 ModIL4 HighIL5IL6

CM-7(8)Least Functionality | Binary or Machine Executable Code

CM-7(9)Least Functionality | Prohibiting The Use of Unauthorized Hardware

CM-8System Component Inventory

IL4 ModIL4 HighIL5IL6

CM-8(1)System Component Inventory | Updates During Installation and Removal

IL4 ModIL4 HighIL5IL6

CM-8(2)System Component Inventory | Automated Maintenance

CM-8(3)System Component Inventory | Automated Unauthorized Component Detection

IL4 ModIL4 HighIL5IL6

CM-8(4)System Component Inventory | Accountability Information

CM-9Configuration Management Plan

IL4 ModIL4 HighIL5IL6

CM-10Software Usage Restrictions

IL4 ModIL4 HighIL5IL6

CM-10(1)Software Usage Restrictions | Open-source Software

CM-11User-installed Software

IL4 ModIL4 HighIL5IL6

CM-11(2)User-installed Software | Software Installation with Privileged Status

CM-12Information Location

IL4 ModIL4 HighIL5IL6

CM-12(1)Information Location | Automated Tools to Support Information Location

IL4 ModIL4 HighIL5IL6

CM-14Signed Components

← Back to all controls