CCI-001758

Defines the configuration settings for which to employ organization-defined actions in response to unauthorized changes.

Implementation Guidance

Determine if [CM-06(02)_ODP[01]; actions to be taken upon an unauthorized change are defined] are taken in response to unauthorized changes to [CM-06(02)_ODP[02]; configuration settings requiring action upon an unauthorized change are defined].

Validation Procedures

Examine: [SELECT FROM: System security plan; privacy plan; configuration management policy; procedures addressing configuration settings for the system; configuration management plan; system design documentation; system configuration settings and associated documentation; alerts/notifications of unauthorized changes to system configuration settings; system component inventory; documented responses to unauthorized changes to system configuration settings; change control records; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security configuration management responsibilities; organizational personnel with security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational process for responding to unauthorized changes to system configuration settings; mechanisms supporting and/or implementing actions in response to unauthorized changes].

The controls below (if any) were marked by NIST as being related to CCI-001758.