CM-6

Configuration Settings

Configuration Management

The organization establishes and documents configuration settings for information technology products employed within the information system.

Medium PriorityAI-Relevant Control

Purpose

Establish and maintain secure configuration settings for all system components.

AI Relevance

Essential for securing AI system configurations, model parameters, and deployment settings to prevent unauthorized modifications.

Implementation Guidance

Use configuration management tools, implement security baselines, and establish configuration change control procedures.

Assessment

Review configuration settings, test configuration compliance, verify configuration documentation, and validate configuration controls.

Requirements

  • 1Establish configuration settings for information technology products
  • 2Document configuration settings for information technology products
  • 3Establish configuration settings for information system components
  • 4Document configuration settings for information system components
  • 5Establish configuration settings for information system applications
  • 6Document configuration settings for information system applications
  • 7Establish configuration settings for information system databases
  • 8Document configuration settings for information system databases
  • 9Establish configuration settings for information system networks
  • 10Document configuration settings for information system networks

Related Controls

CM-2: CM-2CM-3: CM-3CM-4: CM-4SI-4: System Monitoring

References

NIST SP 800-53 Rev 5NIST Cybersecurity Framework

Framework Context

NIST 800-53 Rev 5

Security and Privacy Controls for Federal Information Systems

Official Documentation →

NIST AI RMF

AI Risk Management Framework

AI RMF Documentation →

OWASP AISVS

AI Security Verification Standard

AISVS Documentation →