NIST 800-53 REV 5 • CONFIGURATION MANAGEMENT

CM-8(4)Accountability Information

Include in the system component inventory information, a means for identifying by {{ insert: param, cm-08.04_odp }} , individuals responsible and accountable for administering those components.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Identifying individuals who are responsible and accountable for administering system components ensures that the assigned components are properly administered and that organizations can contact those individuals if some action is required (e.g., when the component is determined to be the source of a breach, needs to be recalled or replaced, or needs to be relocated).

Practitioner Notes

This enhancement requires your inventory to include accountability information — who owns each component, who is responsible for it, and how to contact them.

Example 1: In your ServiceNow CMDB, every asset record should include an assigned owner, department, location, and the name of the system it belongs to.

Example 2: Tag all Azure or AWS cloud resources with owner, cost center, environment, and system-of-record tags so every resource is traceable to a responsible person.

More Configuration Management Controls

CM-1 Policy and Procedures CM-2 Baseline Configuration CM-2(1) Reviews and Updates CM-2(2) Automation Support for Accuracy and Currency