>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CM-5(5)Access Restrictions For Change

PBMM (P2)
Secret (P2)
Operational

>Control Description

ACCESS RESTRICTIONS FOR CHANGE | LIMIT PRODUCTION / OPERATIONAL PRIVILEGES (a) The organization limits privileges to change information system components and system-related information within a production or operational environment; and (b) The organization reviews and re-evaluates privileges organization-defined frequency.

>Supplemental Guidance

In many organizations, information systems support multiple core missions/business functions. Limiting privileges to change information system components with respect to operational systems is necessary because changes to a particular information system component may have far-reaching effects on mission/business processes supported by the system where the component resides. The complex, many-to-many relationships between systems and mission/business processes are in some cases, unknown to developers.

Related control: AC-2.

Ask AI

Configure your API key to use AI features.