Navigate

CCI-001822

CCI-001822 Definition

The organization disseminates the configuration management policy to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed disseminates a configuration management policy via an information sharing capability (e.g. portal, intranet, email, etc) to all stakeholders in the configuration management process. DoD has defined the organizational personnel or roles as all stakeholders in the configuration management process.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the configuration management policy via the inspected organization's information sharing capability (e.g. portal, intranet, email, etc) to ensure it has been disseminated.

Compelling Evidence

1.) List of personnel to whom the configuration management policy is to be disseminated.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001822.

Control	Description
CM-1	The organization: CM-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: CM-1a.1.: A configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and CM-1a.2.: Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and CM-1b.: Reviews and updates the current: CM-1b.1.: Configuration management policy [Assignment: organization-defined frequency]; and CM-1b.2.: Configuration management procedures [Assignment: organization-defined frequency].

Control

Description

CM-1

The organization:

CM-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- CM-1a.1.: A configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- CM-1a.2.: Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and

CM-1b.: Reviews and updates the current:
- CM-1b.1.: Configuration management policy [Assignment: organization-defined frequency]; and
- CM-1b.2.: Configuration management procedures [Assignment: organization-defined frequency].