NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-5(7)Automatic Implementation of Security Safeguards

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into SI-7. It previously required automatic implementation of security safeguards when unauthorized changes were detected.

Example 1: Configure Desired State Configuration (DSC) to automatically revert critical settings to their approved state when drift is detected.

Example 2: Use AWS Config auto-remediation to automatically restore S3 bucket policies if they are changed to allow public access.

More Configuration Management Controls

CM-1 Policy and Procedures CM-2 Baseline Configuration CM-2(1) Reviews and Updates CM-2(2) Automation Support for Accuracy and Currency