CCI-001743

The organization defines the security responses to be automatically implemented by the information system if baseline configurations are changed in an unauthorized manner.

Implementation Guidance

The organization being inspected/assessed defines and documents, in the configuration management policy, the security responses to be automatically implemented by the information system if baseline configurations are changed in an unauthorized manner. DoD has determined that the value is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration management policy to ensure the organization being inspected/assessed defines the security responses to be automatically implemented by the information system if baseline configurations are changed in an unauthorized manner. DoD has determined that the value is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Configuration Management Policy, which defines and documents the security to be automatically implemented by the information system if baseline configurations are changed in an unauthorized manner

The controls below (if any) were marked by NIST as being related to CCI-001743.