Navigate

CCI-000297

CCI-000297 Definition

The organization reviews and updates the baseline configuration of the information system when required due to organization-defined circumstances.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed reviews and updates the baseline configuration of the information system when required due to baseline configuration changes or as events dictate such as changes due to USCYBERCOM tactical orders/ directives or cyber attacks. The organization must document each occurrence of the reviews and update actions as an audit trail. DoD has defined the circumstances as baseline configuration changes or as events dictate such as changes due to USCYBERCOM tactical orders/ directives or cyber attacks.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documentation of organizational reviews and update actions for the baseline configuration of the information system when required due to baseline configuration changes or as events dictate such as changes due to USCYBERCOM tactical orders/ directives or cyber attacks to ensure review and necessary updates are occurring. DoD has defined the circumstances as baseline configuration changes or as events dictate such as changes due to USCYBERCOM tactical orders/ directives or cyber attacks.

Compelling Evidence

1.) Documented change to baseline configuration due to organization-defined circumstances

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000297.

Control	Description
CM-2 (1)	The organization reviews and updates the baseline configuration of the information system: CM-2 (1)(a): [Assignment: organization-defined frequency]; CM-2 (1)(b): When required due to [Assignment organization-defined circumstances]; and CM-2 (1)(c): As an integral part of information system component installations and upgrades.