NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-3(5) Automated Security Response

Implement the following security responses automatically if baseline configurations are changed in an unauthorized manner: [Assignment: organization-defined security responses].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Automated security responses include halting selected system functions, halting system processing, and issuing alerts or notifications to organizational personnel when there is an unauthorized modification of a configuration item.

Practitioner Notes

This enhancement requires the system to automatically respond to unauthorized configuration changes — such as reverting changes or alerting administrators.

Example 1: Use Desired State Configuration (DSC) in PowerShell to automatically revert server settings back to the approved baseline if someone makes unauthorized changes.

Example 2: Configure AWS Config auto-remediation rules to automatically revert security group changes that violate your approved firewall rules.
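A sketch of Example 1, added here as an illustration and not taken from NIST or any vendor baseline: the Local Configuration Manager is set to `ApplyAndAutoCorrect`, so it re-checks the node on a schedule and reverts drift from the approved configuration without operator action. It assumes Windows PowerShell 5.1 with the built-in `PSDesiredStateConfiguration` module; the two baseline items (Remote Registry disabled, SMB1 server off) and the output paths are constructed samples.

```powershell
# LCM meta-configuration: re-evaluate the node every 15 minutes and
# automatically re-apply the baseline if any setting has drifted.
[DSCLocalConfigurationManager()]
configuration BaselineLcm
{
    Node 'localhost'
    {
        Settings
        {
            RefreshMode                    = 'Push'
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 15
            RebootNodeIfNeeded             = $false
        }
    }
}

# Approved baseline. The items below are constructed samples; replace them
# with the configuration items your organization has actually approved.
Configuration ApprovedBaseline
{
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    Node 'localhost'
    {
        Service RemoteRegistryDisabled
        {
            Name        = 'RemoteRegistry'
            StartupType = 'Disabled'
            State       = 'Stopped'
        }

        Registry DisableSmb1Server
        {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
        }
    }
}

# Compile both configurations to MOF, apply the LCM settings, then the baseline.
BaselineLcm      -OutputPath "$env:TEMP\BaselineLcm"
ApprovedBaseline -OutputPath "$env:TEMP\ApprovedBaseline"
Set-DscLocalConfigurationManager -Path "$env:TEMP\BaselineLcm" -Verbose
Start-DscConfiguration -Path "$env:TEMP\ApprovedBaseline" -Wait -Force -Verbose

# Spot check between LCM runs: returns $true when the node matches the baseline.
Test-DscConfiguration
```

This covers the revert response only. If the organization-defined responses also include alerts or notifications, those need to be wired up separately, for example by forwarding the DSC operational event log to the SIEM.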