This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for [Assignment: organization-defined information system components].
NIST 800-53 (r4) Supplemental Guidance:
Related controls: CA-7, CM-4.
NIST 800-53 (r5) Discussion:
Automated tools (e.g., hardening tools, baseline configuration tools) can improve the accuracy, consistency, and availability of configuration settings information. Automation can also provide data aggregation and data correlation capabilities, alerting mechanisms, and dashboards to support risk-based decision-making within the organization.
38North Guidance:
Meets Minimum Requirement:
Employ automated mechanisms (e.g., tooling such as Ansible, Chef, Puppet, Terraform, Salt, Helm charts, AWS CloudFormation, AWS Config, Cloud-Init, Python scripts, or Jenkins) to centrally manage, apply, and verify configuration settings.
Document how each automated mechanism is utilized to meet this control.
Best Practice:
Integrate automated mechanisms into an automated Continuous Integration and Continuous Deployment (CI/CD) workflow (i.e., a pipeline).
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Evidence and/or configuration settings of automated mechanisms (e.g., tooling such as Ansible) used to centrally manage, apply, and verify configuration settings.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD