Navigate

CCI-000369

CCI-000369 Definition

Approve any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed manages and approves changes to the security plan documenting deviations IAW CM-3, CCI 314. The organization must maintain an audit trail of approved changes to the security plan.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security plan and the audit trail of approved changes to ensure the deviations are approved IAW CM-3, CCI 314.

Compelling Evidence

1.) Audit trail of approved changes to configuration settings

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000369.

Control	Description
CM-6	The organization: a: Establishes and documents configuration settings for information technology products employed within the information system using [one of ] that reflect the most restrictive mode consistent with operational requirements; b: Implements the configuration settings; c: Identifies, documents, and approves any deviations from established configuration settings for [one of ] based on [one of ]; and d: Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.

Control

Description

CM-6

The organization:

a: Establishes and documents configuration settings for information technology products employed within the information system using [one of ] that reflect the most restrictive mode consistent with operational requirements;

b: Implements the configuration settings;

c: Identifies, documents, and approves any deviations from established configuration settings for [one of ] based on [one of ]; and

d: Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.