controlCM-5

Access Restrictions for Change (CM-5)

Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

Security Baselines

LOWMODERATEHIGH

configurationbaselineschange-control

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports37

These related controls work together — a change to one may affect the others.

Enhances7

These enhancements add specific capabilities or refinements to the base control.

Related Controls(22)

AC-2Account Management (AC-2)

LMH

AC-3Access Enforcement (AC-3)

LMH

AC-5Separation of Duties (AC-5)

AC-6Least Privilege (AC-6)

AU-2Event Logging (AU-2)

LMH

AU-6Audit Record Review, Analysis, and Reporting (AU-6)

LMH

AU-7Audit Record Reduction and Report Generation (AU-7)

AU-12Audit Record Generation (AU-12)

LMH

CM-2Baseline Configuration (CM-2)

LMH

CM-3Configuration Change Control (CM-3)

CM-9Configuration Management Plan (CM-9)

PE-3Physical Access Control (PE-3)

LMH

SC-28Protection of Information at Rest (SC-28)

SC-34Non-modifiable Executable Programs (SC-34)SC-37Out-of-band Channels (SC-37)SI-2Flaw Remediation (SI-2)

LMH

SI-10Information Input Validation (SI-10)

CM-6Configuration Settings (CM-6)

LMH

CM-7Least Functionality (CM-7)

LMH

CM-11User-installed Software (CM-11)

LMH

MA-2Controlled Maintenance (MA-2)

LMH

SI-12Information Management and Retention (SI-12)

LMH

Control Enhancements(7)

CM-5(1)Automated Access Enforcement and Audit Records (CM-5(1))

CM-5(2)Review System Changes (CM-5(2))W

CM-5(3)Signed Components (CM-5(3))W

CM-5(4)Dual Authorization (CM-5(4))

CM-5(5)Privilege Limitation for Production and Operation (CM-5(5))

CM-5(6)Limit Library Privileges (CM-5(6))

CM-5(7)Automatic Implementation of Security Safeguards (CM-5(7))W