N
|
controlCM-2

Baseline Configuration (CM-2)

Develop, document, and maintain under configuration control, a current baseline configuration of the system; and Review and update the baseline configuration of the system:

Security Baselines

LOWMODERATEHIGH
configurationbaselineschange-control

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports32

These related controls work together — a change to one may affect the others.

Mitigates4

This control helps defend against or reduce the risk of the linked threat technique.

Enhances7

These enhancements add specific capabilities or refinements to the base control.

Related Controls(24)

AC-19Access Control for Mobile Devices (AC-19)
LMH
AU-6Audit Record Review, Analysis, and Reporting (AU-6)
LMH
CA-9Internal System Connections (CA-9)
LMH
CM-1Policy and Procedures (CM-1)
LMH
CM-3Configuration Change Control (CM-3)
MH
CM-5Access Restrictions for Change (CM-5)
LMH
CM-6Configuration Settings (CM-6)
LMH
CM-8System Component Inventory (CM-8)
LMH
CM-9Configuration Management Plan (CM-9)
MH
CP-9System Backup (CP-9)
LMH
CP-10System Recovery and Reconstitution (CP-10)
LMH
CP-12Safe Mode (CP-12)MA-2Controlled Maintenance (MA-2)
LMH
PL-8Security and Privacy Architectures (PL-8)
MH
PM-5System Inventory (PM-5)SA-8Security and Privacy Engineering Principles (SA-8)
LMH
SA-10Developer Configuration Management (SA-10)
MH
SA-15Development Process, Standards, and Tools (SA-15)
MH
SC-18Mobile Code (SC-18)
MH
CM-7Least Functionality (CM-7)
LMH
CM-11User-installed Software (CM-11)
LMH
RA-5Vulnerability Monitoring and Scanning (RA-5)
LMH
SC-3Security Function Isolation (SC-3)
H
SC-7Boundary Protection (SC-7)
LMH

Threat Coverage(4 ATT&CK techniques)

T1547Boot or Logon Autostart ExecutionT1505Server Software ComponentT1003OS Credential DumpingT1005Data from Local System

Control Enhancements(7)

CM-2(1)Reviews and Updates (CM-2(1))W
CM-2(2)Automation Support for Accuracy and Currency (CM-2(2))
MH
CM-2(3)Retention of Previous Configurations (CM-2(3))
MH
CM-2(4)Unauthorized Software (CM-2(4))W
CM-2(5)Authorized Software (CM-2(5))W
CM-2(6)Development and Test Environments (CM-2(6))
CM-2(7)Configure Systems and Components for High-risk Areas (CM-2(7))
MH

See Also

@SP 800-53 OverviewCompare Baselines