>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CM-8(1)System Component Inventory | Updates During Installation and Removal

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Update the inventory of system components as part of component installations, removals, and system updates.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Organizations can improve the accuracy, completeness, and consistency of system component inventories if the inventories are updated as part of component installations or removals or during general system updates. If inventories are not updated at these key times, there is a greater likelihood that the information will not be appropriately captured and documented. System updates include hardware, software, and firmware components.

>Programmatic Queries

Beta

Related Services

AWS Config
AWS Systems Manager

CLI Commands

Enable AWS Config to track resource changes
aws configservice put-delivery-channel --delivery-channel name=default,s3BucketName=config-bucket --region us-east-1
Create Config rule for inventory tracking
aws configservice put-config-rule --config-rule file://inventory-tracking-rule.json --region us-east-1
Query Config timeline for instance changes
aws configservice get-resource-config-history --resource-type AWS::EC2::Instance --chronological-order Reverse --region us-east-1
Get inventory from Systems Manager
aws ssm describe-inventory-entries --instance-id i-1234567890abcdef0 --type-name AWS:Application --region us-east-1
Open AWS ConsoleDocumentation

>Related Controls

PM-16

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CM-8(1) (Updates During Installation And Removal)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CM-8(1)?
  • How frequently is the CM-8(1) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to CM-8(1)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CM-8(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement CM-8(1)?
  • How is CM-8(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CM-8(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CM-8(1)?
  • What audit logs, records, reports, or monitoring data validate CM-8(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CM-8(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CM-8(1) compliance?

Ask AI

Configure your API key to use AI features.