|cm 6 technical security policy standard||0.76||0.4||6618||99|
CM-6c. CM-6d. Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures. Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the information system that affect the security posture and/or functionality of the system.What are the information security and privacy control requirements structure?
4.2 Control Requirements Structure The CMS-tailored information security and privacy controls include and encompass the NIST, HHS, and IS2P control baselines and serve as the starting point for organizations in determining the appropriate controls and countermeasures necessary to protect their information systems.What are the implementation standards for security configurations?
Implementation Standards: High, Moderate, & Low: Std.1 – Baseline configurations will be distilled from government, industry, and vendor standards and best practices. Std.2 – Baseline configurations must include security updates. Std.3 –What minimum security configurations must be used for HHS-specific minimum security?
HHS-specific minimum security configurations must be used for the following OS and Applications: 1. HHS approved USGCB Windows Standards (e.g., Microsoft supported versions only); and 2. Blackberry Server - Websense.