Detections
Analytics

800-53|CM-3

Title

CONFIGURATION CHANGE CONTROL

Description

The organization:

Supplemental

Configuration change controls for organizational information systems involve the systematic proposal, justification, implementation, testing, review, and disposition of changes to the systems, including system upgrades and modifications. Configuration change control includes changes to baseline configurations for components and configuration items of information systems, changes to configuration settings for information technology products (e.g., operating systems, applications, firewalls, routers, and mobile devices), unscheduled/unauthorized changes, and changes to remediate vulnerabilities. Typical processes for managing configuration changes to information systems include, for example, Configuration Control Boards that approve proposed changes to systems. For new development information systems or systems undergoing major upgrades, organizations consider including representatives from development organizations on the Configuration Control Boards. Auditing of changes includes activities before and after changes are made to organizational information systems and the auditing activities required to implement such changes.

Reference Item Details

Related: CA-7,CM-2,CM-4,CM-5,CM-6,CM-9,SA-10,SI-12,SI-2

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.3.7 Set 'Do not apply during periodic background processing' to 'Enabled:FALSE'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.8 Set 'Process even if the Group Policy objects have not changed' to 'Enabled:TRUE'WindowsCIS Windows 8 L1 v1.0.0
1.3.1 Ensure AIDE is installedUnixCIS Amazon Linux 2 STIG v2.0.0 L1 Server
1.3.1 Ensure AIDE is installedUnixCIS Amazon Linux 2 STIG v2.0.0 L1 Workstation
1.3.1 Ensure AIDE is installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.1 Ensure AIDE is installedUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Amazon Linux 2 STIG v2.0.0 L1 Server
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Amazon Linux 2 STIG v2.0.0 L1 Workstation
1.3.2 Ensure filesystem integrity is regularly checked - aideUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.2 Ensure filesystem integrity is regularly checked - cronUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.2 Ensure filesystem integrity is regularly checked - mailUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.3.7 Ensure that the RotateKubeletServerCertificate argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.4.5.1 Ensure 'aaa command accounting' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.1 Ensure 'aaa command accounting' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.5.3 Ensure prelink is not installedUnixCIS Debian Linux 10 v2.0.0 L1 Server
1.5.3 Ensure prelink is not installedUnixCIS Debian Linux 10 v2.0.0 L1 Workstation
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation
1.5.4 Ensure prelink is not installedUnixCIS Debian Linux 11 v2.0.0 L1 Workstation
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Server
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server
1.5.4 Ensure prelink is not installedUnixCIS Debian Linux 11 v2.0.0 L1 Server
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Workstation
1.5.5 Ensure prelink is not installedUnixCIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Workstation
1.11 Ensure the mailx package is installedUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
1.22 WN16-00-000240WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.22 WN16-00-000240WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.22 WN19-00-000220WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.22 WN19-00-000220WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.22 WN22-00-000220WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.22 WN22-00-000220WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.106 WN16-CC-000150WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.106 WN16-CC-000150WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.107 WN19-CC-000140WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.107 WN19-CC-000140WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.107 WN22-CC-000140WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.107 WN22-CC-000140WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.113 UBTU-22-651020UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.122 WN10-CC-000090WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.351 RHEL-09-651010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.352 RHEL-09-651015UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II