NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for HIGH Impact Systems, v4
Profile of requirements corresponding to all HIGH impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.
Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-configuration-management---controls-for-high-impact-systems/4/ |
Publication Date | 2021-04-26 |
Issuing Organization | Trustmark Initiative (https://trustmarkinitiative.org/) |
Keywords | 800-53, Configuration Management, NIST, Security, High |
Legal Notice | This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |

Trust Expression:
TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforMODERATEImpactSystems and TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures and TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration and TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates and TIP_NISTSP80053r4SecurityControlCM22AutomationSupportforAccuracyCurrency and TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations and TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas and TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl and TIP_NISTSP80053r4SecurityControlCM31AutomatedDocumentNotificationProhibitionofChanges and TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges and TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis and TIP_NISTSP80053r4SecurityControlCM41SeparateTestEnvironments and TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange and TIP_NISTSP80053r4SecurityControlCM51AutomatedAccessEnforcementAuditing and TIP_NISTSP80053r4SecurityControlCM52ReviewSystemChanges and TIP_NISTSP80053r4SecurityControlCM53SignedComponents and TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings and TIP_NISTSP80053r4SecurityControlCM61AutomatedCentralManagementApplicationVerification and TIP_NISTSP80053r4SecurityControlCM62RespondtoUnauthorizedChanges and TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality and TIP_NISTSP80053r4SecurityControlCM71PeriodicReview and TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution and TIP_NISTSP80053r4SecurityControlCM75AuthorizedSoftwareWhitelisting and TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory and TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals and TIP_NISTSP80053r4SecurityControlCM82AutomatedMaintenance and TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection and TIP_NISTSP80053r4SecurityControlCM84AccountabilityInformation and 
TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents and TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan and TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions and TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware
References (32)
TIP NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for MODERATE Impact Systems, v4 | |
---|---|
Description | Profile of requirements corresponding to all MODERATE impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management. |
ID | TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforMODERATEImpactSystems |
TIP NIST SP 800-53 r4 Security Control CM-1: Configuration Management Policy and Procedures, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-1: Configuration Management Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures |
TIP NIST SP 800-53 r4 Security Control CM-2: Baseline Configuration, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2: Baseline Configuration. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration |
TIP NIST SP 800-53 r4 Security Control CM-2 (1): Reviews and Updates, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (1): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates |
TIP NIST SP 800-53 r4 Security Control CM-2 (2): Automation Support for Accuracy / Currency, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (2): Automation Support for Accuracy / Currency. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM22AutomationSupportforAccuracyCurrency |
TIP NIST SP 800-53 r4 Security Control CM-2 (3): Retention of Previous Configurations, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (3): Retention of Previous Configurations. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations |
TIP NIST SP 800-53 r4 Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas |
TIP NIST SP 800-53 r4 Security Control CM-3: Configuration Change Control, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3: Configuration Change Control. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl |
TIP NIST SP 800-53 r4 Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM31AutomatedDocumentNotificationProhibitionofChanges |
TIP NIST SP 800-53 r4 Security Control CM-3 (2): Test / Validate / Document Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (2): Test / Validate / Document Changes. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges |
TIP NIST SP 800-53 r4 Security Control CM-4: Security Impact Analysis, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4: Security Impact Analysis. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis |
TIP NIST SP 800-53 r4 Security Control CM-4 (1): Separate Test Environments, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4 (1): Separate Test Environments. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM41SeparateTestEnvironments |
TIP NIST SP 800-53 r4 Security Control CM-5: Access Restrictions for Change, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5: Access Restrictions for Change. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange |
TIP NIST SP 800-53 r4 Security Control CM-5 (1): Automated Access Enforcement / Auditing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (1): Automated Access Enforcement / Auditing. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM51AutomatedAccessEnforcementAuditing |
TIP NIST SP 800-53 r4 Security Control CM-5 (2): Review System Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (2): Review System Changes. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM52ReviewSystemChanges |
TIP NIST SP 800-53 r4 Security Control CM-5 (3): Signed Components, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (3): Signed Components. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM53SignedComponents |
TIP NIST SP 800-53 r4 Security Control CM-6: Configuration Settings, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6: Configuration Settings. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings |
TIP NIST SP 800-53 r4 Security Control CM-6 (1): Automated Central Management / Application / Verification, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (1): Automated Central Management / Application / Verification. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM61AutomatedCentralManagementApplicationVerification |
TIP NIST SP 800-53 r4 Security Control CM-6 (2): Respond to Unauthorized Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (2): Respond to Unauthorized Changes. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM62RespondtoUnauthorizedChanges |
TIP NIST SP 800-53 r4 Security Control CM-7: Least Functionality, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7: Least Functionality. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality |
TIP NIST SP 800-53 r4 Security Control CM-7 (1): Periodic Review, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (1): Periodic Review. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM71PeriodicReview |
TIP NIST SP 800-53 r4 Security Control CM-7 (2): Prevent Program Execution, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (2): Prevent Program Execution. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution |
TIP NIST SP 800-53 r4 Security Control CM-7 (5): Authorized Software / Whitelisting, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (5): Authorized Software / Whitelisting. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM75AuthorizedSoftwareWhitelisting |
TIP NIST SP 800-53 r4 Security Control CM-8: Information System Component Inventory, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8: Information System Component Inventory. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory |
TIP NIST SP 800-53 r4 Security Control CM-8 (1): Updates During Installations / Removals, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (1): Updates During Installations / Removals. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals |
TIP NIST SP 800-53 r4 Security Control CM-8 (2): Automated Maintenance, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (2): Automated Maintenance. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM82AutomatedMaintenance |
TIP NIST SP 800-53 r4 Security Control CM-8 (3): Automated Unauthorized Component Detection, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (3): Automated Unauthorized Component Detection. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection |
TIP NIST SP 800-53 r4 Security Control CM-8 (4): Accountability Information, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (4): Accountability Information. Applicable to HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM84AccountabilityInformation |
TIP NIST SP 800-53 r4 Security Control CM-8 (5): No Duplicate Accounting of Components, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (5): No Duplicate Accounting of Components. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents |
TIP NIST SP 800-53 r4 Security Control CM-9: Configuration Management Plan, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9: Configuration Management Plan. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan |
TIP NIST SP 800-53 r4 Security Control CM-10: Software Usage Restrictions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10: Software Usage Restrictions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions |
TIP NIST SP 800-53 r4 Security Control CM-11: User-Installed Software, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11: User-Installed Software. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware |
Sources (1)
SP800-53R4 | NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4. |