CM — Configuration Management
24 controls in the Configuration Management family
CM-01Policy and Procedures
CM-02Baseline Configuration
CM-02(02)Baseline Configuration | Automation Support for Accuracy and Currency
CM-02(03)Baseline Configuration | Retention of Previous Configurations
CM-02(07)Baseline Configuration | Configure Systems and Components for High-risk Areas
CM-03Configuration Change Control
CM-03(02)Configuration Change Control | Testing, Validation, and Documentation of Changes
CM-03(04)Configuration Change Control | Security and Privacy Representatives
CM-04Impact Analyses
CM-05Access Restrictions for Change
CM-05(01)Access Restrictions for Change | Automated Access Enforcement and Audit Records
CM-05(05)Access Restrictions for Change | Privilege Limitation for Production and Operation
CM-06Configuration Settings
CM-06(01)Configuration Settings | Automated Management, Application, and Verification
CM-07Least Functionality
CM-07(01)Least Functionality | Periodic Review
CM-07(02)Least Functionality | Prevent Program Execution
CM-07(05)Least Functionality | Authorized Software — Allow-by-exception
CM-08System Component Inventory
CM-08(01)System Component Inventory | Updates During Installation and Removal
CM-08(03)System Component Inventory | Automated Unauthorized Component Detection
CM-09Configuration Management Plan
CM-10Software Usage Restrictions
CM-11User-installed Software