CMMC 2.0 • LEVEL 1 • CONFIGURATION MANAGEMENT

CM.L1-3.4.1Baseline Configuration

Develop and maintain under configuration control, a current baseline configuration of the system. Review and update the baseline configuration of the system annually or following significant system changes, security incidents, or new vulnerability disclosuresCMMC/STIG and when system components are installed or modified.

NIST 800-171 Mapping

NIST 800-53 Controls

CM-2CM-6CM-8CM-8(1)

Assessment Objectives

  • a current baseline configuration of the system is developed.
  • a current baseline configuration of the system is maintained under configuration control.
  • the baseline configuration of the system is updated annually or following significant system changes, security incidents, or new vulnerability disclosuresCMMC/STIG.
  • the baseline configuration of the system is reviewed when system components are installed or modified.
  • the baseline configuration of the system is updated when system components are installed or modified.
  • the baseline configuration of the system is reviewed annually or following significant system changes, security incidents, or new vulnerability disclosuresCMMC/STIG.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

CM.L1-3.4.2 Configuration Settings CM.L2-3.4.3 Configuration Change Control CM.L2-3.4.4 Impact Analyses CM.L2-3.4.5 Access Restrictions for Change