CMMC 2.0 • LEVEL 2 • CONFIGURATION MANAGEMENT

CM.L2-3.4.4Impact Analyses

Analyze changes to the system to determine potential security impacts prior to change implementation. Verify that the security requirements for the system continue to be satisfied after the system changes have been implemented.

NIST 800-171 Mapping

NIST 800-53 Controls

CM-3(2)

Assessment Objectives

  • the security requirements for the system continue to be satisfied after the system changes have been implemented.
  • changes to the system are analyzed to determine potential security impacts prior to change implementation.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

CM.L1-3.4.1 Baseline Configuration CM.L1-3.4.2 Configuration Settings CM.L2-3.4.3 Configuration Change Control CM.L2-3.4.5 Access Restrictions for Change