CM-04 Monitoring Configuration Changes
Configuration Management
Description
The organization monitors changes to the information system conducting security impact analyses to determine the effects of the changes.\n
Supplemental Guidance
Prior to change implementation, and as part of the change approval process, the organization analyzes changes to the information system for potential security impacts. After the information system is changed (including upgrades and modifications), the organization checks the security features to verify that the features are still functioning properly. The organization audits activities associated with configuration changes to the information system. Monitoring configuration changes and conducting security impact analyses are important elements with regard to the ongoing assessment of security controls in the information system. Related security control: CA-7.\n
Changes from Rev 4
Title changed from 'Security Impact Analysis' Control text adds 'privacy'
Enhancements
(0) None.\n