CCI-000368
CCI-000368 Definition
Document any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents in the security plan and POAandM, if applicable, all configurable information system components which deviate from configuration settings, and which settings as defined in CM-6, CCI 1756. DoD has defined the information system components as all configurable information system components.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the security plan to ensure the organization being inspected/assessed has documented deviations from configuration settings for information system components.
Compelling Evidence
1.) Example POA&M