|
NIST 800-53 CM-4
Monitoring Configuration Changes |
Return to master list of NIST 800-53 controls.
Automated Inspection items for NIST SP 800-53 CM-4 assessment.Automated Inspection items are efficient enough that they can usually be part of a CA-7 Continuous Monitoring program on a daily (or in some cases hourly) basis, simultaneously meeting the requirements of RA-5 Vulnerability Scanning. While NIST 800-53 allows Continuous Monitoring results to be used for CA-2 Security Assessments and CA-4 Security Certification, a separate run using the same automated Inspection items in combination with more laborious items for CA-2 and CA-4 adds no significant burden. Depending on FIPS 199 impact level and whether the Industrial Control Systems (ICS/SCADA) subset of 800-53 is chosen, LJK/Security™ starter templates provide automated Inspection items as follows:
|
|||||||||||
Manual Inspection items for NIST SP 800-53 CM-4 assessment.Manual Inspection items are useful mainly for CA-2 Security Assessments and CA-4 Security Certification. For most environments they are too laborious to include in CA-7 Continuous Monitoring. Depending on FIPS 199 impact level and whether the Industrial Control Systems (ICS/SCADA) subset of 800-53 is chosen, LJK/Security™ starter templates provide Manual Inspection items in the following groups:
|
|||||||||||
Descriptions above apply to LJK/Security™ Version 3.0.
The notation NIST SP 800-53 above refers in particular to NIST Special Publication 800-53 Revision 2.
Those NIST Special Publications specify security standards in support of FISMA for US Federal Government civil activities.
Return to master list of NIST 800-53 controls.