NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
CM-1
CM-2
CM-11(1)
CM-2(2)
CM-2(3)
CM-2(1)
CM-2(4)
CM-2(6)
CM-2(7)
CM-3
CM-3(1)
CM-3(2)
CM-3(3)
CM-3(4)
CM-3(5)
CM-3(6)
CM-3(7)
CM-3(8)
CM-4
CM-4(1)
CM-4(2)
CM-5
CM-5(1)
CM-2(5)
CM-5(2)
CM-5(4)
CM-5(5)
CM-5(6)
CM-5(3)
CM-6
CM-6(1)
CM-6(2)
CM-5(7)
CM-6(3)
CM-7
CM-7(1)
CM-7(2)
CM-7(3)
CM-7(4)
CM-7(5)
CM-7(6)
CM-7(7)
CM-7(8)
CM-7(9)
CM-8
CM-8(1)
CM-8(2)
CM-8(3)
CM-8(4)
CM-6(4)
CM-8(6)
CM-8(7)
CM-8(8)
CM-8(9)
CM-9
CM-9(1)
CM-10
CM-10(1)
CM-11
CM-8(5)
CM-11(2)
CM-11(3)
CM-12
CM-12(1)
CM-13
CM-14

CM-5(1): Access Restrictions for Change | Automated Access Enforcement and Audit Records

Control Text:

(a) Enforce access restrictions using [Assignment: organization-defined automated mechanisms]; and (b) Automatically generate audit records of the enforcement actions.

Organizations log system accesses associated with applying configuration changes to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes.

Related Controls