Navigate

CCI-001821

CCI-001821 Definition

The organization defines the organizational personnel or roles to whom the configuration management policy is to be disseminated.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the organizational personnel or roles as all stakeholders in the configuration management process.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the organizational personnel or roles as all stakeholders in the configuration management process.

Compelling Evidence

Automatically Compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001821.

Control	Description
CM-1	The organization: CM-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: CM-1a.1.: A configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and CM-1a.2.: Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and CM-1b.: Reviews and updates the current: CM-1b.1.: Configuration management policy [Assignment: organization-defined frequency]; and CM-1b.2.: Configuration management procedures [Assignment: organization-defined frequency].

Control

Description

CM-1

The organization:

CM-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- CM-1a.1.: A configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- CM-1a.2.: Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and

CM-1b.: Reviews and updates the current:
- CM-1b.1.: Configuration management policy [Assignment: organization-defined frequency]; and
- CM-1b.2.: Configuration management procedures [Assignment: organization-defined frequency].