CCI-001801

Implement a configuration management plan for the system that protects the configuration management plan from unauthorized disclosure and modification.

Implementation Guidance

Determine if: - the configuration management plan is protected from unauthorized disclosure. - the configuration management plan is protected from unauthorized modification.

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing configuration management planning; configuration management plan; system design documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for developing the configuration management plan; organizational personnel with responsibilities for implementing and managing processes defined in the configuration management plan; organizational personnel with responsibilities for protecting the configuration management plan; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for developing and documenting the configuration management plan; organizational processes for identifying and managing configuration items; organizational processes for protecting the configuration management plan; mechanisms implementing the configuration management plan; mechanisms for managing configuration items; mechanisms for protecting the configuration management plan].

The controls below (if any) were marked by NIST as being related to CCI-001801.