2.4 KiB
| implementation-status | control-origination | |||||
|---|---|---|---|---|---|---|
|
|
cm-2 - [catalog] Baseline Configuration
Control Statement
-
[a] Develop, document, and maintain under configuration control, a current baseline configuration of the system; and
-
[b] Review and update the baseline configuration of the system:
- [1] frequency;
- [2] When required due to circumstances ; and
- [3] When system components are installed or upgraded.
Control guidance
Baseline configurations for systems and system components include connectivity, operational, and communications aspects of systems. Baseline configurations are documented, formally reviewed, and agreed-upon specifications for systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, or changes to systems and include security and privacy control implementations, operational procedures, information about system components, network topology, and logical placement of components in the system architecture. Maintaining baseline configurations requires creating new baselines as organizational systems change over time. Baseline configurations of systems reflect the current enterprise architecture.
Control assessment-objective
a current baseline configuration of the system is developed and documented; a current baseline configuration of the system is maintained under configuration control; the baseline configuration of the system is reviewed and updated frequency; the baseline configuration of the system is reviewed and updated when required due to circumstances; the baseline configuration of the system is reviewed and updated when system components are installed or upgraded.
What is the solution and how is it implemented?
Implementation a.
Add control implementation description here for item cm-2_smt.a
Implementation b.
Add control implementation description here for item cm-2_smt.b