CCI-001799

The organization develops and documents a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.

Implementation Guidance

The organization being inspected/assessed must develop and document a plan to protect the configuration management plan from unauthorized disclosure and modification. Measures must include marking, labeling, and handling to prevent improper disclosure. The organization being inspected/assessed must ensure that all changes to the CM plan are approved.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration management plan to verify that it identifies the protection measures.

Compelling Evidence

1.) Signed and dated configuration management plan

The controls below (if any) were marked by NIST as being related to CCI-001799.