NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for HIGH Impact Systems, v4

Profile of requirements corresponding to all HIGH impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.
Identifier https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-configuration-management---controls-for-high-impact-systems/4/
Publication Date 2021-04-26
Issuing Organization
Trustmark Support help@trustmarkinitiative.org No telephone 75 5th Street, GTRI 30332
Keywords 800-53, Configuration Management, NIST, Security, High
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Trust Expression:

TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforMODERATEImpactSystems and TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures and TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration and TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates and TIP_NISTSP80053r4SecurityControlCM22AutomationSupportforAccuracyCurrency and TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations and TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas and TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl and TIP_NISTSP80053r4SecurityControlCM31AutomatedDocumentNotificationProhibitionofChanges and TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges and TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis and TIP_NISTSP80053r4SecurityControlCM41SeparateTestEnvironments and TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange and TIP_NISTSP80053r4SecurityControlCM51AutomatedAccessEnforcementAuditing and TIP_NISTSP80053r4SecurityControlCM52ReviewSystemChanges and TIP_NISTSP80053r4SecurityControlCM53SignedComponents and TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings and TIP_NISTSP80053r4SecurityControlCM61AutomatedCentralManagementApplicationVerification and TIP_NISTSP80053r4SecurityControlCM62RespondtoUnauthorizedChanges and TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality and TIP_NISTSP80053r4SecurityControlCM71PeriodicReview and TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution and TIP_NISTSP80053r4SecurityControlCM75AuthorizedSoftwareWhitelisting and TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory and TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals and TIP_NISTSP80053r4SecurityControlCM82AutomatedMaintenance and TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection and TIP_NISTSP80053r4SecurityControlCM84AccountabilityInformation and 
TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents and TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan and TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions and TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware

References (32)

 TIP  NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for MODERATE Impact Systems, v4
Description Profile of requirements corresponding to all MODERATE impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.
ID TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforMODERATEImpactSystems
 TIP  NIST SP 800-53 r4 Security Control CM-1: Configuration Management Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-1: Configuration Management Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures
 TIP  NIST SP 800-53 r4 Security Control CM-2: Baseline Configuration, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2: Baseline Configuration. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration
 TIP  NIST SP 800-53 r4 Security Control CM-2 (1): Reviews and Updates, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (1): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates
 TIP  NIST SP 800-53 r4 Security Control CM-2 (2): Automation Support for Accuracy / Currency, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (2): Automation Support for Accuracy / Currency. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM22AutomationSupportforAccuracyCurrency
 TIP  NIST SP 800-53 r4 Security Control CM-2 (3): Retention of Previous Configurations, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (3): Retention of Previous Configurations. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations
 TIP  NIST SP 800-53 r4 Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas
 TIP  NIST SP 800-53 r4 Security Control CM-3: Configuration Change Control, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3: Configuration Change Control. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl
 TIP  NIST SP 800-53 r4 Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM31AutomatedDocumentNotificationProhibitionofChanges
 TIP  NIST SP 800-53 r4 Security Control CM-3 (2): Test / Validate / Document Changes, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (2): Test / Validate / Document Changes. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges
 TIP  NIST SP 800-53 r4 Security Control CM-4: Security Impact Analysis, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4: Security Impact Analysis. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis
 TIP  NIST SP 800-53 r4 Security Control CM-4 (1): Separate Test Environments, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4 (1): Separate Test Environments. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM41SeparateTestEnvironments
 TIP  NIST SP 800-53 r4 Security Control CM-5: Access Restrictions for Change, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5: Access Restrictions for Change. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange
 TIP  NIST SP 800-53 r4 Security Control CM-5 (1): Automated Access Enforcement / Auditing, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (1): Automated Access Enforcement / Auditing. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM51AutomatedAccessEnforcementAuditing
 TIP  NIST SP 800-53 r4 Security Control CM-5 (2): Review System Changes, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (2): Review System Changes. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM52ReviewSystemChanges
 TIP  NIST SP 800-53 r4 Security Control CM-5 (3): Signed Components, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (3): Signed Components. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM53SignedComponents
 TIP  NIST SP 800-53 r4 Security Control CM-6: Configuration Settings, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6: Configuration Settings. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings
 TIP  NIST SP 800-53 r4 Security Control CM-6 (1): Automated Central Management / Application / Verification, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (1): Automated Central Management / Application / Verification. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM61AutomatedCentralManagementApplicationVerification
 TIP  NIST SP 800-53 r4 Security Control CM-6 (2): Respond to Unauthorized Changes, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (2): Respond to Unauthorized Changes. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM62RespondtoUnauthorizedChanges
 TIP  NIST SP 800-53 r4 Security Control CM-7: Least Functionality, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7: Least Functionality. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality
 TIP  NIST SP 800-53 r4 Security Control CM-7 (1): Periodic Review, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (1): Periodic Review. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM71PeriodicReview
 TIP  NIST SP 800-53 r4 Security Control CM-7 (2): Prevent Program Execution, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (2): Prevent Program Execution. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution
 TIP  NIST SP 800-53 r4 Security Control CM-7 (5): Authorized Software / Whitelisting, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (5): Authorized Software / Whitelisting. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM75AuthorizedSoftwareWhitelisting
 TIP  NIST SP 800-53 r4 Security Control CM-8: Information System Component Inventory, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8: Information System Component Inventory. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory
 TIP  NIST SP 800-53 r4 Security Control CM-8 (1): Updates During Installations / Removals, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (1): Updates During Installations / Removals. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals
 TIP  NIST SP 800-53 r4 Security Control CM-8 (2): Automated Maintenance, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (2): Automated Maintenance. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM82AutomatedMaintenance
 TIP  NIST SP 800-53 r4 Security Control CM-8 (3): Automated Unauthorized Component Detection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (3): Automated Unauthorized Component Detection. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection
 TIP  NIST SP 800-53 r4 Security Control CM-8 (4): Accountability Information, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (4): Accountability Information. Applicable to HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM84AccountabilityInformation
 TIP  NIST SP 800-53 r4 Security Control CM-8 (5): No Duplicate Accounting of Components, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (5): No Duplicate Accounting of Components. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents
 TIP  NIST SP 800-53 r4 Security Control CM-9: Configuration Management Plan, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9: Configuration Management Plan. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan
 TIP  NIST SP 800-53 r4 Security Control CM-10: Software Usage Restrictions, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10: Software Usage Restrictions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions
 TIP  NIST SP 800-53 r4 Security Control CM-11: User-Installed Software, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11: User-Installed Software. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware

Sources (1)

SP800-53R4 NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.