Configuration Management - Level 2
CMMC CM.2.066 - Analyze System Change Security Impact
Requirement text: CM.2.066: Analyze the security impact of changes prior to implementation. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Organizational personnel with information security responsibilities (e.g., system administrators, system ...
CMMC CM.2.065 - Manage System Changes
Requirement text: CM.2.065: Track, review, approve, or disapprove, and log changes to organizational systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Tracking, reviewing, approving/disapproving, and logging changes is called configuration ...
CMMC CM.2.064 - Enforce System Configuration
Requirement text: CM.2.064: Establish and enforce security configuration settings for information technology products employed in organizational systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Configuration settings are the set of ...
CMMC CM.2.063 - Control User Software
Requirement text: CM.2.063: Control and monitor user-installed software. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Users can install software in organizational systems if provided the necessary privileges. To maintain control over the software ...
CMMC CM.2.062 - Employ Least Functionality
Requirement text: CM.2.062: Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Systems can provide a wide variety of functions and ...
CMMC CM.2.061 - Establish Baseline System Configuration
Requirement text: CM.2.061: Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. DISCUSSION FROM ...