Navigate

• Top
• Description
• Related
• Enhancements
• CCIs

CA-9(1)

CA-9(1): Compliance Checks

Perform security and privacy compliance checks on constituent system components prior to the establishment of the internal connection.

Supplemental

Compliance checks include verification of the relevant baseline configuration.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
DAF Baseline, Int-A, Int-B, Int-C

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to CA-9(1).

Control

Description

CM-6

a: Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using [common secure configurations to establish and document configuration settings for components employed within the system are defined;]; b: Implement the configuration settings; c: Identify, document, and approve any deviations from established configuration settings for [system components for which approval of deviations is needed are defined;] based on [operational requirements necessitating approval of deviations are defined;] ; and d: Monitor and control changes to the configuration settings in accordance with organizational policies and procedures.

Enhancements

The controls below (if any) add on to the requirements of CA-9(1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to CA-9(1).

CCI	Definition
CCI-002100	Perform security compliance checks on constituent components prior to the establishment of the internal connection.
CCI-003896	Perform privacy compliance checks on constituent components prior to the establishment of the internal connection.