NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-6(2) Respond to Unauthorized Changes

Take the following actions in response to unauthorized changes to [Assignment: organization-defined configuration settings]: [Assignment: organization-defined actions].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Responses to unauthorized changes to configuration settings include alerting designated organizational personnel, restoring established configuration settings, or—in extreme cases—halting affected system processing.

Practitioner Notes

This enhancement requires your system to automatically respond to unauthorized configuration changes — not just detect them, but take action.

Example 1: Configure Microsoft Defender for Endpoint to automatically quarantine a device that falls out of compliance with your security baseline until it is remediated.

Example 2: Set up Azure Policy with DeployIfNotExists effects to automatically remediate non-compliant resource configurations in your cloud environment.
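The three responses named in the Supplemental Guidance (alert, restore, halt) can be seen together in the following sketch. It is an added example, not NIST text and not code from either product mentioned above. The JSON settings file, the setting names, the `HALT_ON` set and the `notify` hook are assumptions made for illustration.

```python
import json
import os
import tempfile

# Constructed sample baseline (assumption): the approved configuration settings.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no", "LogLevel": "VERBOSE"}
# Hypothetical choice: settings whose unauthorized change justifies halting processing.
HALT_ON = {"PermitRootLogin"}

def find_drift(current, baseline):
    """Return {setting: (approved, actual)} for each deviation from the baseline."""
    keys = sorted(baseline.keys() | current.keys())
    return {k: (baseline.get(k), current.get(k)) for k in keys
            if baseline.get(k) != current.get(k)}

def restore(path, baseline):
    """Rewrite the settings file from the baseline, atomically."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)
    os.replace(tmp, path)  # readers never see a half-written file

def respond(path, baseline=BASELINE, halt_on=HALT_ON, notify=print):
    """Alert on every deviation, restore the baseline, and report whether to halt."""
    with open(path) as f:
        current = json.load(f)
    drift = find_drift(current, baseline)
    actions = []
    for name, (approved, actual) in drift.items():
        notify(f"ALERT unauthorized change: {name}={actual!r} (approved {approved!r})")
        actions.append(("alert", name))
    if drift:
        restore(path, baseline)
        actions.append(("restore", path))
    critical = sorted(halt_on.intersection(drift))
    if critical:
        # Extreme case: the caller stops the affected service (hook not shown).
        actions.append(("halt", critical))
    return actions

def demo():
    """Run against a constructed, tampered settings file in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "settings.json")
        with open(path, "w") as f:
            json.dump({**BASELINE, "PermitRootLogin": "yes", "Debug": "on"}, f)
        actions = respond(path, notify=lambda msg: None)
        with open(path) as f:
            return actions, json.load(f)
```

Any deviation from the baseline is treated as unauthorized here, on the assumption that approved changes update the baseline through change control before they reach the system.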