>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CM-3Configuration Change Control

>Control Description

a

Determine and document the types of changes to the system that are configuration-controlled;

b

Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security and privacy impact analyses;

c

Document configuration change decisions associated with the system;

d

Implement approved configuration-controlled changes to the system;

e

Retain records of configuration-controlled changes to the system for organization-defined time period;

f

Monitor and review activities associated with configuration-controlled changes to the system; and

g

Coordinate and provide oversight for configuration change control activities through organization-defined configuration change control element that convenes [Selection (one or more): organization-defined frequency; when organization-defined configuration change conditions].

>Related Controls

CA-7
CM-2
CM-4
CM-5
CM-6
CM-9
CM-11
IA-3
MA-2
PE-16
PT-6
RA-8
SA-8
SA-10
SC-28
SC-34
SC-37
SI-2
SI-3
SI-4
SI-7
SI-10
SR-11

Ask AI

Configure your API key to use AI features.