CM — Configuration Management
36 controls in the Configuration Management family
CM-01Policy and Procedures
CM-02Baseline Configuration
CM-02(01)CM-02(01)
CM-02(02)Baseline Configuration | Automation Support for Accuracy and Currency
CM-02(03)Baseline Configuration | Retention of Previous Configurations
CM-02(07)Baseline Configuration | Configure Systems and Components for High-risk Areas
CM-03Configuration Change Control
CM-03(01)CM-03(01)
CM-03(02)Configuration Change Control | Testing, Validation, and Documentation of Changes
CM-03(04)Configuration Change Control | Security and Privacy Representatives
CM-03(06)CM-03(06)
CM-04Impact Analyses
CM-04(01)CM-04(01)
CM-05Access Restrictions for Change
CM-05(01)Access Restrictions for Change | Automated Access Enforcement and Audit Records
CM-05(02)CM-05(02)
CM-05(03)CM-05(03)
CM-05(05)Access Restrictions for Change | Privilege Limitation for Production and Operation
CM-06Configuration Settings
CM-06(01)Configuration Settings | Automated Management, Application, and Verification
CM-06(02)CM-06(02)
CM-07Least Functionality
CM-07(01)Least Functionality | Periodic Review
CM-07(02)Least Functionality | Prevent Program Execution
CM-07(05)Least Functionality | Authorized Software — Allow-by-exception
CM-08System Component Inventory
CM-08(01)System Component Inventory | Updates During Installation and Removal
CM-08(02)CM-08(02)
CM-08(03)System Component Inventory | Automated Unauthorized Component Detection
CM-08(04)CM-08(04)
CM-08(05)CM-08(05)
CM-09Configuration Management Plan
CM-10Software Usage Restrictions
CM-10(01)CM-10(01)
CM-11User-installed Software
CM-11(01)CM-11(01)