NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT
CM-5(2) — Review System Changes
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
This enhancement was incorporated into SI-7. It previously required reviewing system changes to detect unauthorized modifications.
Example 1: Use Tripwire or OSSEC file integrity monitoring to detect unauthorized changes to critical system files and configuration files.
Example 2: Run weekly comparison reports between your documented baseline and actual system configurations using SCAP tools to identify unauthorized modifications.
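The baseline-versus-actual comparison behind both examples above, as an added sketch that is not part of the original page and is not how Tripwire, OSSEC or any SCAP tool is implemented. The function names, the JSON baseline format and the command-line arguments are assumptions made for illustration.

```python
import hashlib
import json
import os
import sys


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                # Hash the link target string instead of following the link.
                data = os.readlink(path).encode()
            else:
                with open(path, "rb") as fh:
                    data = fh.read()
            manifest[os.path.relpath(path, root)] = hashlib.sha256(data).hexdigest()
    return manifest


def save_baseline(manifest, baseline_path):
    """Write the approved baseline; keep it outside the monitored tree, read-only."""
    with open(baseline_path, "w") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def compare(baseline, current):
    """Return paths that were added, removed or modified since the baseline."""
    base, cur = set(baseline), set(current)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "modified": sorted(p for p in base & cur if baseline[p] != current[p]),
    }


def review(root, baseline_path):
    """Compare the live tree against the stored baseline."""
    with open(baseline_path) as fh:
        return compare(json.load(fh), snapshot(root))


if __name__ == "__main__" and len(sys.argv) == 3:
    # Assumed usage: script.py <monitored_dir> <baseline.json>
    drift = review(sys.argv[1], sys.argv[2])
    print(json.dumps(drift, indent=2))
    # Non-zero exit lets a scheduled job raise an alert on any drift.
    sys.exit(1 if any(drift.values()) else 0)
```

Each reported path still has to be matched against an approved change record before it is treated as unauthorized.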