CCI-001743
CCI-001743 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if [CM-03(05)_ODP; security responses to be automatically implemented are defined] are automatically implemented if baseline configurations are changed in an unauthorized manner.
Validation Procedures
Examine: [SELECT FROM: System security plan; configuration management policy; procedures addressing system configuration change control; configuration management plan; system design documentation; system architecture and configuration documentation; system configuration settings and associated documentation; alerts/notifications of unauthorized baseline configuration changes; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with configuration change control responsibilities; organizational personnel with information security responsibilities; system/network administrators; system developers; members of change control board or similar]. Test: [SELECT FROM: Organizational processes for configuration change control; automated mechanisms implementing security responses to unauthorized changes to the baseline configurations].