CA-9(1)

CA-9(1): Security Compliance Checks

The information system performs security compliance checks on constituent system components prior to the establishment of the internal connection.

Security compliance checks may include, for example, verification of the relevant baseline configuration.

Overlays
None

CSF Categories
None

The controls below (if any) were marked by NIST as being related to CA-9(1).

Control	Description
CM-6	The organization: a: Establishes and documents configuration settings for information technology products employed within the information system using [organization-defined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; b: Implements the configuration settings; c: Identifies, documents, and approves any deviations from established configuration settings for [organization-defined information system components] based on [organization-defined operational requirements]; and d: Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.

Control

Description

a: Establishes and documents configuration settings for information technology products employed within the information system using [organization-defined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements;

c: Identifies, documents, and approves any deviations from established configuration settings for [organization-defined information system components] based on [organization-defined operational requirements]; and

d: Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.

The controls below (if any) add on to the requirements of CA-9(1).

Control	Description
No controls

The CCIs below are tied to CA-9(1).

CCI	Definition
CCI-002100	Perform security compliance checks on constituent components prior to the establishment of the internal connection.