CM-05(01)—Access Restrictions for Change | Automated Access Enforcement and Audit Records
Moderate
Core Control
>Control Description
(a) Enforce access restrictions using ⚙organization-defined automated mechanisms; and
(b) Automatically generate audit records of the enforcement actions.
>Discussion
Organizations log system accesses associated with applying configuration changes to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.