| TIP: NIST SP 800-53 r4 - Security Control Family: Configuration Management

NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for HIGH Impact Systems, v4

Profile of requirements corresponding to all HIGH impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.

Identifier

https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-configuration-management---controls-for-high-impact-systems/4/

Publication Date

2021-04-26

Issuing Organization

TMI (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

800-53, Configuration Management, NIST, Security, High

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforMODERATEImpactSystems and TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures and TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration and TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates and TIP_NISTSP80053r4SecurityControlCM22AutomationSupportforAccuracyCurrency and TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations and TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas and TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl and TIP_NISTSP80053r4SecurityControlCM31AutomatedDocumentNotificationProhibitionofChanges and TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges and TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis and TIP_NISTSP80053r4SecurityControlCM41SeparateTestEnvironments and TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange and TIP_NISTSP80053r4SecurityControlCM51AutomatedAccessEnforcementAuditing and TIP_NISTSP80053r4SecurityControlCM52ReviewSystemChanges and TIP_NISTSP80053r4SecurityControlCM53SignedComponents and TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings and TIP_NISTSP80053r4SecurityControlCM61AutomatedCentralManagementApplicationVerification and TIP_NISTSP80053r4SecurityControlCM62RespondtoUnauthorizedChanges and TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality and TIP_NISTSP80053r4SecurityControlCM71PeriodicReview and TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution and TIP_NISTSP80053r4SecurityControlCM75AuthorizedSoftwareWhitelisting and TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory and TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals and TIP_NISTSP80053r4SecurityControlCM82AutomatedMaintenance and TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection and TIP_NISTSP80053r4SecurityControlCM84AccountabilityInformation and TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents and TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan and TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions and TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware

References (32)

TIP NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for MODERATE Impact Systems, v4
Description	Profile of requirements corresponding to all MODERATE impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.
ID	TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforMODERATEImpactSystems

TIP NIST SP 800-53 r4 Security Control CM-1: Configuration Management Policy and Procedures, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-1: Configuration Management Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures

TIP NIST SP 800-53 r4 Security Control CM-2: Baseline Configuration, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2: Baseline Configuration. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration

TIP NIST SP 800-53 r4 Security Control CM-2 (1): Reviews and Updates, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (1): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates

TIP NIST SP 800-53 r4 Security Control CM-2 (2): Automation Support for Accuracy / Currency, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (2): Automation Support for Accuracy / Currency. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM22AutomationSupportforAccuracyCurrency

TIP NIST SP 800-53 r4 Security Control CM-2 (3): Retention of Previous Configurations, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (3): Retention of Previous Configurations. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations

TIP NIST SP 800-53 r4 Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas

TIP NIST SP 800-53 r4 Security Control CM-3: Configuration Change Control, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3: Configuration Change Control. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl

TIP NIST SP 800-53 r4 Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM31AutomatedDocumentNotificationProhibitionofChanges

TIP NIST SP 800-53 r4 Security Control CM-3 (2): Test / Validate / Document Changes, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (2): Test / Validate / Document Changes. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges

TIP NIST SP 800-53 r4 Security Control CM-4: Security Impact Analysis, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4: Security Impact Analysis. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis

TIP NIST SP 800-53 r4 Security Control CM-4 (1): Separate Test Environments, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4 (1): Separate Test Environments. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM41SeparateTestEnvironments

TIP NIST SP 800-53 r4 Security Control CM-5: Access Restrictions for Change, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5: Access Restrictions for Change. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange

TIP NIST SP 800-53 r4 Security Control CM-5 (1): Automated Access Enforcement / Auditing, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (1): Automated Access Enforcement / Auditing. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM51AutomatedAccessEnforcementAuditing

TIP NIST SP 800-53 r4 Security Control CM-5 (2): Review System Changes, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (2): Review System Changes. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM52ReviewSystemChanges

TIP NIST SP 800-53 r4 Security Control CM-5 (3): Signed Components, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (3): Signed Components. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM53SignedComponents

TIP NIST SP 800-53 r4 Security Control CM-6: Configuration Settings, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6: Configuration Settings. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings

TIP NIST SP 800-53 r4 Security Control CM-6 (1): Automated Central Management / Application / Verification, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (1): Automated Central Management / Application / Verification. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM61AutomatedCentralManagementApplicationVerification

TIP NIST SP 800-53 r4 Security Control CM-6 (2): Respond to Unauthorized Changes, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (2): Respond to Unauthorized Changes. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM62RespondtoUnauthorizedChanges

TIP NIST SP 800-53 r4 Security Control CM-7: Least Functionality, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7: Least Functionality. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality

TIP NIST SP 800-53 r4 Security Control CM-7 (1): Periodic Review, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (1): Periodic Review. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM71PeriodicReview

TIP NIST SP 800-53 r4 Security Control CM-7 (2): Prevent Program Execution, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (2): Prevent Program Execution. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution

TIP NIST SP 800-53 r4 Security Control CM-7 (5): Authorized Software / Whitelisting, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (5): Authorized Software / Whitelisting. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM75AuthorizedSoftwareWhitelisting

TIP NIST SP 800-53 r4 Security Control CM-8: Information System Component Inventory, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8: Information System Component Inventory. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory

TIP NIST SP 800-53 r4 Security Control CM-8 (1): Updates During Installations / Removals, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (1): Updates During Installations / Removals. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals

TIP NIST SP 800-53 r4 Security Control CM-8 (2): Automated Maintenance, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (2): Automated Maintenance. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM82AutomatedMaintenance

TIP NIST SP 800-53 r4 Security Control CM-8 (3): Automated Unauthorized Component Detection, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (3): Automated Unauthorized Component Detection. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection

TIP NIST SP 800-53 r4 Security Control CM-8 (4): Accountability Information, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (4): Accountability Information. Applicable to HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM84AccountabilityInformation

TIP NIST SP 800-53 r4 Security Control CM-8 (5): No Duplicate Accounting of Components, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (5): No Duplicate Accounting of Components. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents

TIP NIST SP 800-53 r4 Security Control CM-9: Configuration Management Plan, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9: Configuration Management Plan. Applicable to MODERATE impact and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan

TIP NIST SP 800-53 r4 Security Control CM-10: Software Usage Restrictions, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10: Software Usage Restrictions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions

TIP NIST SP 800-53 r4 Security Control CM-11: User-Installed Software, v4
Description	Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11: User-Installed Software. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID	TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware

Sources (1)

SP800-53R4	NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.

Also available as XML or JSON