800-53|CM-9

Title

CONFIGURATION MANAGEMENT PLAN

Description

The organization develops, documents, and implements a configuration management plan for the information system that:

Supplemental

Configuration management plans satisfy the requirements in configuration management policies while being tailored to individual information systems. Such plans define detailed processes and procedures for how configuration management is used to support system development life cycle activities at the information system level. Configuration management plans are typically developed during the development/acquisition phase of the system development life cycle. The plans describe how to move changes through change management processes, how to update configuration settings and baselines, how to maintain information system component inventories, how to control development, test, and operational environments, and how to develop, release, and update key documents. Organizations can employ templates to help ensure consistent and timely development and implementation of configuration management plans. Such templates can represent a master configuration management plan for the organization at large with subsets of the plan implemented on a system by system basis. Configuration management approval processes include designation of key management stakeholders responsible for reviewing and approving proposed changes to information systems, and personnel that conduct security impact analyses prior to the implementation of changes to the systems. Configuration items are the information system items (hardware, software, firmware, and documentation) to be configuration-managed. As information systems continue through the system development life cycle, new configuration items may be identified and some existing configuration items may no longer need to be under configuration control.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CM-2,CM-3,CM-4,CM-5,CM-8,SA-10

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure Security Defaults is enabled on Azure Active Directory	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.1 Ensure mounting of UDF filesystems is disabled	Unix	CIS Bottlerocket L2
1.1.1.1 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.1 Ensure mounting of udf filesystems is disabled - modprobe	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise Server 12 L1 v3.1.0
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFI	Unix	CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFI	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFI	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFI	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fat	Unix	CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fat	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fat	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fat	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdos	Unix	CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdos	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdos	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdos	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfat	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfat	Unix	CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfat	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfat	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fat	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fat	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fat	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fat	Unix	CIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe msdos	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe msdos	Unix	CIS SUSE Linux Enterprise Server 12 L2 v3.1.0

Detections

Analytics