NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for MODERATE Impact Systems, v4
Profile of requirements corresponding to all MODERATE impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.
| Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-configuration-management---controls-for-moderate-impact-systems/4/ | ||||
| Publication Date | 2021-04-26 | ||||
| Issuing Organization |
Trustmark Initiative (https://trustmarkinitiative.org/)
View Contact
|
||||
| Keywords | 800-53, Configuration Management, NIST, Security, Moderate | ||||
| Legal Notice | This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforLOWImpactSystems and TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures and TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration and TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates and TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations and TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas and TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl and TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges and TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis and TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange and TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings and TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality and TIP_NISTSP80053r4SecurityControlCM71PeriodicReview and TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution and TIP_NISTSP80053r4SecurityControlCM74UnauthorizedSoftwareBlacklisting and TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory and TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals and TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection and TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents and TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan and TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions and TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware
References (22)
| TIP NIST SP 800-53 r4 - Security Control Family: Configuration Management - Controls for LOW Impact Systems, v4 | |
|---|---|
| Description | Profile of requirements corresponding to all LOW impact security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management. |
| ID | TIP_NISTSP80053r4SecurityControlFamilyConfigurationManagementControlsforLOWImpactSystems |
| TIP NIST SP 800-53 r4 Security Control CM-1: Configuration Management Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-1: Configuration Management Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM1ConfigurationManagementPolicyandProcedures |
| TIP NIST SP 800-53 r4 Security Control CM-2: Baseline Configuration, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2: Baseline Configuration. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM2BaselineConfiguration |
| TIP NIST SP 800-53 r4 Security Control CM-2 (1): Reviews and Updates, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (1): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM21ReviewsandUpdates |
| TIP NIST SP 800-53 r4 Security Control CM-2 (3): Retention of Previous Configurations, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (3): Retention of Previous Configurations. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM23RetentionofPreviousConfigurations |
| TIP NIST SP 800-53 r4 Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM27ConfigureSystemsComponentsorDevicesforHighRiskAreas |
| TIP NIST SP 800-53 r4 Security Control CM-3: Configuration Change Control, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3: Configuration Change Control. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM3ConfigurationChangeControl |
| TIP NIST SP 800-53 r4 Security Control CM-3 (2): Test / Validate / Document Changes, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (2): Test / Validate / Document Changes. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM32TestValidateDocumentChanges |
| TIP NIST SP 800-53 r4 Security Control CM-4: Security Impact Analysis, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4: Security Impact Analysis. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM4SecurityImpactAnalysis |
| TIP NIST SP 800-53 r4 Security Control CM-5: Access Restrictions for Change, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5: Access Restrictions for Change. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM5AccessRestrictionsforChange |
| TIP NIST SP 800-53 r4 Security Control CM-6: Configuration Settings, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6: Configuration Settings. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM6ConfigurationSettings |
| TIP NIST SP 800-53 r4 Security Control CM-7: Least Functionality, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7: Least Functionality. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM7LeastFunctionality |
| TIP NIST SP 800-53 r4 Security Control CM-7 (1): Periodic Review, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (1): Periodic Review. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM71PeriodicReview |
| TIP NIST SP 800-53 r4 Security Control CM-7 (2): Prevent Program Execution, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (2): Prevent Program Execution. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM72PreventProgramExecution |
| TIP NIST SP 800-53 r4 Security Control CM-7 (4): Unauthorized Software / Blacklisting, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (4): Unauthorized Software / Blacklisting. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM74UnauthorizedSoftwareBlacklisting |
| TIP NIST SP 800-53 r4 Security Control CM-8: Information System Component Inventory, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8: Information System Component Inventory. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM8InformationSystemComponentInventory |
| TIP NIST SP 800-53 r4 Security Control CM-8 (1): Updates During Installations / Removals, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (1): Updates During Installations / Removals. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM81UpdatesDuringInstallationsRemovals |
| TIP NIST SP 800-53 r4 Security Control CM-8 (3): Automated Unauthorized Component Detection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (3): Automated Unauthorized Component Detection. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM83AutomatedUnauthorizedComponentDetection |
| TIP NIST SP 800-53 r4 Security Control CM-8 (5): No Duplicate Accounting of Components, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (5): No Duplicate Accounting of Components. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM85NoDuplicateAccountingofComponents |
| TIP NIST SP 800-53 r4 Security Control CM-9: Configuration Management Plan, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9: Configuration Management Plan. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM9ConfigurationManagementPlan |
| TIP NIST SP 800-53 r4 Security Control CM-10: Software Usage Restrictions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10: Software Usage Restrictions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM10SoftwareUsageRestrictions |
| TIP NIST SP 800-53 r4 Security Control CM-11: User-Installed Software, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11: User-Installed Software. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlCM11UserInstalledSoftware |
Sources (1)
| SP800-53R4 | NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4. |