CM
Configuration Management
Establishes and maintains baseline configurations and inventories of organizational systems throughout their lifecycle.
Family stats
Controls
9
Objectives
44
L1
0
L2 only
9
9 controls in this family
All
Level 1
Level 2 only
3.4.1
Establish and maintain baseline configurations and inventories of organizational systems (including...
L2
›
3.4.2
Establish and enforce security configuration settings for information technology products employed...
L2
›
3.4.3
Track, review, approve or disapprove, and log changes to organizational systems.
L2
›
3.4.4
Analyze the security impact of changes prior to implementation.
L2
›
3.4.5
Define, document, approve, and enforce physical and logical access restrictions associated with...
L2
›
3.4.6
Employ the principle of least functionality by configuring organizational systems to provide only...
L2
›
3.4.7
Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and...
L2
›
3.4.8
Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or...
L2
›
3.4.9
Control and monitor user-installed software.
L2
›
Begin the conversation
Your contract eligibility is on a clock. Let’s get to work.
A 30-minute scoping call with a senior consultant. No pitch. We listen, scope honestly, and tell you what we’d do — including whether we are the right fit.
Request a scoping call →