CCI-001757

The organization defines the security safeguards the organization is to employ when responding to unauthorized changes to the organization-defined configuration settings.

Implementation Guidance

The organization being inspected/assessed must define and document in the configuration management policy, the security safeguards the organization is to employ when responding to unauthorized changes to the configuration settings defined in CM-6 (2), CCI 1758. DoD has determined that it is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration management policy to ensure the organization being inspected/assessed defines the security safeguards the organization is to employ when responding to unauthorized changes to the configuration settings defined in CM-6 (2), CCI 1758. DoD has determined that it is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated configuration management policy, which documents the security safeguards the organization is to employ when responding to unauthorized changes to the configuration settings defined in CM-6 (2), CCI 1758

The controls below (if any) were marked by NIST as being related to CCI-001757.