Navigate

CM-3 (5)

CM-3 (5): Automated Security Response

The information system implements [Assignment: organization-defined security responses] automatically if baseline configurations are changed in an unauthorized manner.

Supplemental

Security responses include, for example, halting information system processing, halting selected system functions, or issuing alerts/notifications to organizational personnel when there is an unauthorized modification of a configuration item.

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to CM-3 (5).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of CM-3 (5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to CM-3 (5).

CCI	Definition
CCI-001743	The organization defines the security responses to be automatically implemented by the information system if baseline configurations are changed in an unauthorized manner.
CCI-001744	The information system implements organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner.