Reporting Requirements
Per NIST SP 800-53, “configuration management policy and procedures address the controls in the CM family that are implemented within systems and organizations. The risk management strategy is an important factor in establishing such policies and procedures.”
Specifically, Per CM-1 of NIST SP 800-53, organizations are to “...develop, document, and disseminate…” a configuration management policy and procedure. Additionally, within the CM family itself (i.e., CM-1 to CM-14) there are numerous controls that also require organizations to document how such controls are implemented. The keyword here is “document”, which means you need a policy for CM-1.
Specifically, Per CM-1 of NIST SP 800-53, organizations are to “...develop, document, and disseminate…” a configuration management policy and procedure. Additionally, within the CM family itself (i.e., CM-1 to CM-14) there are numerous controls that also require organizations to document how such controls are implemented. The keyword here is “document”, which means you need a policy for CM-1.
How to Get Started
Start by downloading our world-class configuration management policy and procedures template, along with additional NIST RMF information security and privacy policies and procedures at the Arlington Security Portal (ASP).
