>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CM-3(1)Configuration Change Control

Operational

>Control Description

CONFIGURATION CHANGE CONTROL | AUTOMATED DOCUMENT / NOTIFICATION / PROHIBITION OF CHANGES The organization employs automated mechanisms to: (a) Document proposed changes to the information system; (b) Notify organized-defined approval authorities of proposed changes to the information system and request change approval; (c) Highlight proposed changes to the information system that have not been approved or have been disapproved by organization-defined time period; (d) Prohibit changes to the information system until designated approvals are received; (e) Document all changes to the information system; and (f) Notify organization-defined personnel when approved changes to the information system are completed.

>Tailoring Guidance

This security control/enhancement specifies the use of an automated mechanism. While there are obvious benefits to the use of such mechanisms, in most cases the use of manual mechanisms will suffice.

Ask AI

Configure your API key to use AI features.