An error occurred:

© 2025 Xylok, LLC

Version: features-advanced-collector-898c2c - rmfrev4

Navigate

CCI-000318

CCI-000318 Definition

Monitor and review activities associated with configuration-controlled changes to the system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000318.

Control

Description

The organization:

a: Determines the types of changes to the information system that are configuration-controlled;

b: Reviews proposed configuration-controlled changes to the information system and approves or disapproves such changes with explicit consideration for security impact analyses;

c: Documents configuration change decisions associated with the information system;

d: Implements approved configuration-controlled changes to the information system;

e: Retains records of configuration-controlled changes to the information system for [one of ];

f: Audits and reviews activities associated with configuration-controlled changes to the information system; and

g: Coordinates and provides oversight for configuration change control activities through [one of ] that convenes [one or more of " {{ insert: param, cm-3_prm_4 }} "/" {{ insert: param, cm-3_prm_5 }} "].