Navigate

CM-6(2)

CM-6(2): Respond to Unauthorized Changes

The organization employs [one of ] to respond to unauthorized changes to [one of ].

Supplemental

Responses to unauthorized changes to configuration settings can include, for example, alerting designated organizational personnel, restoring established configuration settings, or in extreme cases, halting affected information system processing.

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to CM-6(2).

Control	Description
IR-4	The organization: a: Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; b: Coordinates incident handling activities with contingency planning activities; and c: Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly.
SI-7	The organization employs integrity verification tools to detect unauthorized changes to [one of ].

Control

Description

IR-4

The organization:

a: Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery;

b: Coordinates incident handling activities with contingency planning activities; and

c: Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly.

SI-7

The organization employs integrity verification tools to detect unauthorized changes to [one of ].

Enhancements

The controls below (if any) add on to the requirements of CM-6(2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to CM-6(2).

CCI	Definition
CCI-001757	Defines the actions to employ when responding to unauthorized changes to the organization-defined configuration settings.
CCI-001758	Defines the configuration settings for which to employ organization-defined actions in response to unauthorized changes.
CCI-001759	Take organization-defined actions in response to unauthorized changes to organization-defined configuration settings.