Navigate

CCI-000369

CCI-000369 Definition

Approve any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000369.

Control	Description
CM-6	The organization: a: Establishes and documents configuration settings for information technology products employed within the information system using [one of ] that reflect the most restrictive mode consistent with operational requirements; b: Implements the configuration settings; c: Identifies, documents, and approves any deviations from established configuration settings for [one of ] based on [one of ]; and d: Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.

Control

Description

CM-6

The organization:

a: Establishes and documents configuration settings for information technology products employed within the information system using [one of ] that reflect the most restrictive mode consistent with operational requirements;

b: Implements the configuration settings;

c: Identifies, documents, and approves any deviations from established configuration settings for [one of ] based on [one of ]; and

d: Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.