CCI-001801

The organization implements a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.

Implementation Guidance

The organization being inspected/assessed must implement a plan to protect the configuration management plan from unauthorized disclosure and modification. Measures must include marking, labeling, and handling to prevent improper disclosure. The organization being inspected/assessed must ensure that all changes to the CM plan are approved.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration management plan to verify that the identified protection measures are implemented.

Compelling Evidence

1.) Signed and dated configuration management plan

The controls below (if any) were marked by NIST as being related to CCI-001801.