NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-12(1)Automated Tools to Support Information Location

Use automated tools to identify {{ insert: param, cm-12.01_odp.01 }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls are in place to protect organizational information and individual privacy.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

The use of automated tools helps to increase the effectiveness and efficiency of the information location capability implemented within the system. Automation also helps organizations manage the data produced during information location activities and share such information across the organization. The output of automated information location tools can be used to guide and inform system architecture and design decisions.

Practitioner Notes

This enhancement requires automated tools to help you discover and track where information is stored — manual data hunts miss too much.

Example 1: Deploy Microsoft Purview DLP with content inspection policies to automatically discover files containing sensitive data patterns (SSNs, credit card numbers, CUI markings).

Example 2: Use Varonis or Netwrix to automatically scan file servers and SharePoint for sensitive data, generating reports on where it resides and who has access.

More Configuration Management Controls

CM-1 Policy and Procedures CM-2 Baseline Configuration CM-2(1) Reviews and Updates CM-2(2) Automation Support for Accuracy and Currency