CM-3(7): Review System Changes
Control Family:
Parent Control:
Threats Addressed:
Baselines:
(Not part of any baseline)
Control is new to this version of the control set and incorporates the following control from the previous version: CM-5(2): Review System Changes.
Control Statement
Review changes to the system [Assignment: organization-defined frequency] or when [Assignment: organization-defined circumstances] to determine whether unauthorized changes have occurred.
Supplemental Guidance
Indications that warrant a review of changes to the system and the specific circumstances justifying such reviews may be obtained from activities carried out by organizations during the configuration change process or continuous monitoring process.