|
controlCM-12
Information Location (CM-12)
Identify and document the location of [organization-defined] and the specific system components on which the information is processed and stored; Identify and document the users who have access to the system and system components where the information is processed and stored; and Document changes to the location (i.e., system or system components) where the information is processed and stored.
Security Baselines
MODERATEHIGHLOW
configurationbaselineschange-control
Why These Connect
Baselined In2
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports18
These related controls work together — a change to one may affect the others.
Enhances1
These enhancements add specific capabilities or refinements to the base control.
Related Controls(17)
AC-2Account Management (AC-2)
LMH
AC-3Access Enforcement (AC-3)LMH
AC-4Information Flow Enforcement (AC-4)MH
AC-6Least Privilege (AC-6)MH
AC-23Data Mining Protection (AC-23)CM-8System Component Inventory (CM-8)LMH
PM-5System Inventory (PM-5)RA-2Security Categorization (RA-2)LMH
SA-4Acquisition Process (SA-4)LMH
SA-8Security and Privacy Engineering Principles (SA-8)LMH
SA-17Developer Security and Privacy Architecture and Design (SA-17)H
SC-4Information in Shared System Resources (SC-4)MH
SC-16Transmission of Security and Privacy Attributes (SC-16)SC-28Protection of Information at Rest (SC-28)MH
SI-4System Monitoring (SI-4)LMH
SI-7Software, Firmware, and Information Integrity (SI-7)MH
CM-13Data Action Mapping (CM-13)