CMMC 2.0 • LEVEL 1 • CONFIGURATION MANAGEMENT

CM.L1-3.4.2Configuration Settings

Establish, document, and implement the following configuration settings for the system that reflect the most restrictive mode consistent with operational requirements: the Change Control Board (CCB) or designated Configuration Manager with ISSM concurrenceCMMC/STIG . Identify, document, and approve any deviations from established configuration settings.

NIST 800-171 Mapping

NIST 800-53 Controls

CM-2CM-6CM-8CM-8(1)

Assessment Objectives

  • the following configuration settings for the system that reflect the most restrictive mode consistent with operational requirements are established and documented: the Change Control Board (CCB) or designated Configuration Manager with ISSM concurrenceCMMC/STIG.
  • any deviations from established configuration settings are identified and documented.
  • any deviations from established configuration settings are approved.
  • the following configuration settings for the system are implemented: the Change Control Board (CCB) or designated Configuration Manager with ISSM concurrenceCMMC/STIG.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

CM.L1-3.4.1 Baseline Configuration CM.L2-3.4.3 Configuration Change Control CM.L2-3.4.4 Impact Analyses CM.L2-3.4.5 Access Restrictions for Change