>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CFM-07Configuration Checks

>Control Description

Organization uses mechanisms to detect deviations from baseline configurations on production environments.

Theme

Technology

Type

Detective

Policy/Standard

Infrastructure Management Policy

>Implementation Guidance

1. Ensure that security hardening and configuration baselines are being monitored for in-scope servers. 2. Deviations shall be generated for in-scope servers for which remediations shall be tracked to closure. 3. Design a process for security hardening and configuration baselines checks being accurate and updated at least annually.

>Testing Procedure

1. Validate that security hardening and configuration baselines are being monitored for in-scope servers. 2. Validate that deviations are being generated for in-scope servers and remediations are tracked to closure. 3. Validate that the security hardening and configuration baselines checks are accurate and updated at least annually.

>Audit Artifacts

E-CFM-11
E-CFM-05

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

ISO 27002:2022
1

8.18

FedRAMP Rev 5
5

CM-06
CM-07
CM-06 (01)
CM-09
SA-10

PCI DSS
2

11.6
11.6.1

HIPAA Security Rule
1

164.308(a)(5)(ii)(B)

SOC 2
2

CC6.8
CC7.1

BSI C5
6

AM-03
COS-03
OIS-04
OPS-04
OPS-05
OPS-23

TX-RAMP
4

CM-6
CM-7
CM-9
SA-10

Ask AI

Configure your API key to use AI features.