CCI-000367
CCI-000367 Definition
Identify any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents in the security plan and POAandM, if applicable, the information system components as defined in CM-6, CCI 1755 which deviate from configuration settings, and which settings as defined in CM-6, CCI 1756.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed has documented deviations from configuration settings for information system components.
Compelling Evidence
1.) Example POA&M