CCI-001758

The organization defines configuration settings for which the organization will employ organization-defined security safeguards in response to unauthorized changes.

Implementation Guidance

The organization being inspected/assessed must define and document in the configuration management policy, the configuration settings for which the organization will employ security safeguards defined in CM-6 (2), CCI 1757 in response to unauthorized changes. DoD has defined the configuration settings as security related configuration settings defined at the program/system level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration management policy to ensure the organization being inspected/assessed defines the configuration settings for which the organization will employ security safeguards CM-6 (2), CCI 1757 in response to unauthorized changes. DoD has defined the configuration settings as security related configuration settings defined at the program/system level.

Compelling Evidence

1.) Signed and dated configuration management policy, which defines and documents the configuration settings for which the organization will employ security safeguards defined in CM-6 (2), CCI 1757 in response to unauthorized changes

The controls below (if any) were marked by NIST as being related to CCI-001758.