CM-5(1): Automated Access Enforcement and Audit Records

Control Family:

Configuration Management

Parent Control:

CM-5: Access Restrictions for Change

CSF v1.1 References:

PR.IP-1

Threats Addressed:

Tampering

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
CM-5(1): Automated Access Enforcement / Auditing

Control Statement

Enforce access restrictions using [Assignment: organization-defined automated mechanisms]; and
Automatically generate audit records of the enforcement actions.

Supplemental Guidance

Organizations log system accesses associated with applying configuration changes to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5