{
  "$TMF_VERSION": "1.4",
  "PublicationDateTime": "2021-04-26T00:00:00.000Z",
  "Description": "Profile of requirements corresponding to all supplemental security controls in NIST Special Publication 800-53, r4, under the control family of Configuration Management.",
  "Keywords": [
    "800-53",
    "Configuration Management",
    "NIST",
    "Security",
    "Supplemental"
  ],
  "Issuer": {
    "Identifier": "https://trustmarkinitiative.org/",
    "PrimaryContact": {
      "Email": "help@trustmarkinitiative.org",
      "Telephone": "555-555-5555",
      "Kind": "PRIMARY",
      "WebsiteURL": "https://trustmarkinitiative.org/",
      "Responder": ""
    },
    "Name": "TMI"
  },
  "Sources": [{
    "Identifier": "SP800-53R4",
    "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at <a href=\"http://dx.doi.org/10.6028/NIST.SP.800-53r4\">http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.",
    "$id": "source-2112165102"
  }],
  "Name": "NIST SP 800-53 r4 - Security Control Family: Configuration Management - Supplemental Controls",
  "TrustExpression": "TIP_NISTSP80053r4SecurityControlCM26DevelopmentandTestEnvironments and TIP_NISTSP80053r4SecurityControlCM33AutomatedChangeImplementation and TIP_NISTSP80053r4SecurityControlCM34SecurityRepresentative and TIP_NISTSP80053r4SecurityControlCM35AutomatedSecurityResponse and TIP_NISTSP80053r4SecurityControlCM36CryptographyManagement and TIP_NISTSP80053r4SecurityControlCM42VerificationofSecurityFunctions and TIP_NISTSP80053r4SecurityControlCM54DualAuthorization and TIP_NISTSP80053r4SecurityControlCM55LimitProductionOperationalPrivileges and TIP_NISTSP80053r4SecurityControlCM56LimitLibraryPrivileges and TIP_NISTSP80053r4SecurityControlCM73RegistrationCompliance and TIP_NISTSP80053r4SecurityControlCM86AssessedConfigurationsApprovedDeviations and TIP_NISTSP80053r4SecurityControlCM87CentralizedRepository and TIP_NISTSP80053r4SecurityControlCM88AutomatedLocationTracking and TIP_NISTSP80053r4SecurityControlCM89AssignmentofComponentstoSystems and TIP_NISTSP80053r4SecurityControlCM91AssignmentofResponsibility and TIP_NISTSP80053r4SecurityControlCM101OpenSourceSoftware and TIP_NISTSP80053r4SecurityControlCM111AlertsforUnauthorizedInstallations and TIP_NISTSP80053r4SecurityControlCM112ProhibitInstallationWithoutPrivilegedStatus",
  "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-configuration-management---supplemental-controls/4/",
  "Version": "4",
  "References": {"TrustInteroperabilityProfileReferences": [
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-2-_6__-development-and-test-environments/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (6): Development and Test Environments.",
      "Number": 1,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-2 (6): Development and Test Environments",
      "$id": "TIP_NISTSP80053r4SecurityControlCM26DevelopmentandTestEnvironments"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-3-_3__-automated-change-implementation/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (3): Automated Change Implementation.",
      "Number": 2,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-3 (3): Automated Change Implementation",
      "$id": "TIP_NISTSP80053r4SecurityControlCM33AutomatedChangeImplementation"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-3-_4__-security-representative/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (4): Security Representative.",
      "Number": 3,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-3 (4): Security Representative",
      "$id": "TIP_NISTSP80053r4SecurityControlCM34SecurityRepresentative"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-3-_5__-automated-security-response/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (5): Automated Security Response.",
      "Number": 4,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-3 (5): Automated Security Response",
      "$id": "TIP_NISTSP80053r4SecurityControlCM35AutomatedSecurityResponse"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-3-_6__-cryptography-management/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (6): Cryptography Management.",
      "Number": 5,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-3 (6): Cryptography Management",
      "$id": "TIP_NISTSP80053r4SecurityControlCM36CryptographyManagement"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-4-_2__-verification-of-security-functions/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4 (2): Verification of Security Functions.",
      "Number": 6,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-4 (2): Verification of Security Functions",
      "$id": "TIP_NISTSP80053r4SecurityControlCM42VerificationofSecurityFunctions"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-5-_4__-dual-authorization/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (4): Dual Authorization.",
      "Number": 7,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-5 (4): Dual Authorization",
      "$id": "TIP_NISTSP80053r4SecurityControlCM54DualAuthorization"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-5-_5__-limit-production-_-operational-privileges/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (5): Limit Production / Operational Privileges.",
      "Number": 8,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-5 (5): Limit Production / Operational Privileges",
      "$id": "TIP_NISTSP80053r4SecurityControlCM55LimitProductionOperationalPrivileges"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-5-_6__-limit-library-privileges/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (6): Limit Library Privileges.",
      "Number": 9,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-5 (6): Limit Library Privileges",
      "$id": "TIP_NISTSP80053r4SecurityControlCM56LimitLibraryPrivileges"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-7-_3__-registration-compliance/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (3): Registration Compliance.",
      "Number": 10,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-7 (3): Registration Compliance",
      "$id": "TIP_NISTSP80053r4SecurityControlCM73RegistrationCompliance"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-8-_6__-assessed-configurations-_-approved-deviations/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (6): Assessed Configurations / Approved Deviations.",
      "Number": 11,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-8 (6): Assessed Configurations / Approved Deviations",
      "$id": "TIP_NISTSP80053r4SecurityControlCM86AssessedConfigurationsApprovedDeviations"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-8-_7__-centralized-repository/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (7): Centralized Repository.",
      "Number": 12,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-8 (7): Centralized Repository",
      "$id": "TIP_NISTSP80053r4SecurityControlCM87CentralizedRepository"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-8-_8__-automated-location-tracking/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (8): Automated Location Tracking.",
      "Number": 13,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-8 (8): Automated Location Tracking",
      "$id": "TIP_NISTSP80053r4SecurityControlCM88AutomatedLocationTracking"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-8-_9__-assignment-of-components-to-systems/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (9): Assignment of Components to Systems.",
      "Number": 14,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-8 (9): Assignment of Components to Systems",
      "$id": "TIP_NISTSP80053r4SecurityControlCM89AssignmentofComponentstoSystems"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-9-_1__-assignment-of-responsibility/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9 (1): Assignment of Responsibility.",
      "Number": 15,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-9 (1): Assignment of Responsibility",
      "$id": "TIP_NISTSP80053r4SecurityControlCM91AssignmentofResponsibility"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-10-_1__-open-source-software/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10 (1): Open Source Software.",
      "Number": 16,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-10 (1): Open Source Software",
      "$id": "TIP_NISTSP80053r4SecurityControlCM101OpenSourceSoftware"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-11-_1__-alerts-for-unauthorized-installations/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11 (1): Alerts for Unauthorized Installations.",
      "Number": 17,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-11 (1): Alerts for Unauthorized Installations",
      "$id": "TIP_NISTSP80053r4SecurityControlCM111AlertsforUnauthorizedInstallations"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-11-_2__-prohibit-installation-without-privileged-status/4/",
      "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11 (2): Prohibit Installation Without Privileged Status.",
      "Number": 18,
      "Version": "4",
      "$Type": "TrustInteroperabilityProfileReference",
      "Name": "NIST SP 800-53 r4 Security Control CM-11 (2): Prohibit Installation Without Privileged Status",
      "$id": "TIP_NISTSP80053r4SecurityControlCM112ProhibitInstallationWithoutPrivilegedStatus"
    }
  ]},
  "Primary": "false",
  "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.",
  "$Type": "TrustInteroperabilityProfile"
}