CM-3(1)—Configuration Change Control
Operational
>Control Description
CONFIGURATION CHANGE CONTROL | AUTOMATED DOCUMENT / NOTIFICATION / PROHIBITION OF CHANGES The organization employs automated mechanisms to: (a) Document proposed changes to the information system; (b) Notify ⚙organized-defined approval authorities of proposed changes to the information system and request change approval; (c) Highlight proposed changes to the information system that have not been approved or have been disapproved by ⚙organization-defined time period; (d) Prohibit changes to the information system until designated approvals are received; (e) Document all changes to the information system; and (f) Notify ⚙organization-defined personnel when approved changes to the information system are completed.
>Tailoring Guidance
This security control/enhancement specifies the use of an automated mechanism. While there are obvious benefits to the use of such mechanisms, in most cases the use of manual mechanisms will suffice.
Ask AI
Configure your API key to use AI features.