38North Security LLC

Configuration Management (CM)

These pages are classified as INTERNAL. All information contained herein is confidential to 38North Security. Do NOT share this information or any subset of it outside of 38North Security without the permission of the 38North Security President and confirmation that a valid NDA is in place.

CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES

CM-2 BASELINE CONFIGURATION

CM-2 (1) BASELINE CONFIGURATION | REVIEWS AND UPDATES

CM-2 (2) BASELINE CONFIGURATION | AUTOMATION SUPPORT FOR ACCURACY / CURRENCY

CM-2 (3) BASELINE CONFIGURATION | RETENTION OF PREVIOUS CONFIGURATIONS

CM-2 (7) BASELINE CONFIGURATION | CONFIGURE SYSTEMS, COMPONENTS, OR DEVICES FOR HIGH-RISK AREAS

CM-3 CONFIGURATION CHANGE CONTROL

CM-3 (1) CONFIGURATION CHANGE CONTROL | AUTOMATED DOCUMENT / NOTIFICATION / PROHIBITION OF CHANGES

CM-3 (2) CONFIGURATION CHANGE CONTROL | TEST / VALIDATE / DOCUMENT CHANGES

CM-3 (4) CONFIGURATION CHANGE CONTROL | SECURITY REPRESENTATIVE

CM-3 (6) CONFIGURATION CHANGE CONTROL | CRYPTOGRAPHY MANAGEMENT

CM-4 SECURITY IMPACT ANALYSIS

CM-4 (1) SECURITY IMPACT ANALYSIS | SEPARATE TEST ENVIRONMENTS

CM-5 ACCESS RESTRICTIONS FOR CHANGE

CM-5 (1) ACCESS RESTRICTIONS FOR CHANGE | AUTOMATED ACCESS ENFORCEMENT / AUDITING

CM-5 (2) ACCESS RESTRICTIONS FOR CHANGE | REVIEW SYSTEM CHANGES

CM-5 (3) ACCESS RESTRICTIONS FOR CHANGE | SIGNED COMPONENTS

CM-5 (5) ACCESS RESTRICTIONS FOR CHANGE | LIMIT PRODUCTION / OPERATIONAL PRIVILEGES

CM-6 CONFIGURATION SETTINGS

CM-6 (1) CONFIGURATION SETTINGS | AUTOMATED CENTRAL MANAGEMENT / APPLICATION / VERIFICATION

CM-6 (2) CONFIGURATION SETTINGS | RESPOND TO UNAUTHORIZED CHANGES

CM-7 LEAST FUNCTIONALITY

CM-7 (1) LEAST FUNCTIONALITY | PERIODIC REVIEW

CM-7 (2) LEAST FUNCTIONALITY | PREVENT PROGRAM EXECUTION

CM-7 (5) LEAST FUNCTIONALITY | AUTHORIZED SOFTWARE / WHITELISTING

CM-8 INFORMATION SYSTEM COMPONENT INVENTORY

CM-8 (1) INFORMATION SYSTEM COMPONENT INVENTORY | UPDATES DURING INSTALLATIONS / REMOVALS

CM-8 (2) INFORMATION SYSTEM COMPONENT INVENTORY | AUTOMATED MAINTENANCE

CM-8 (3) INFORMATION SYSTEM COMPONENT INVENTORY | AUTOMATED UNAUTHORIZED COMPONENT DETECTION

CM-8 (4) INFORMATION SYSTEM COMPONENT INVENTORY | ACCOUNTABILITY INFORMATION

CM-8 (5) INFORMATION SYSTEM COMPONENT INVENTORY | NO DUPLICATE ACCOUNTING OF COMPONENTS

CM-9 CONFIGURATION MANAGEMENT PLAN

CM-10 SOFTWARE USAGE RESTRICTIONS

CM-10 (1) SOFTWARE USAGE RESTRICTIONS | OPEN SOURCE SOFTWARE

CM-11 USER-INSTALLED SOFTWARE

CM-11 (1) USER-INSTALLED SOFTWARE | ALERTS FOR UNAUTHORIZED INSTALLATIONS

Page updated

Report abuse