Control statement
a. Develop, document, and maintain under configuration control, a current baseline configuration of the system; and
b. Review and update the baseline configuration of the system:
1. {{ insert: param, cm-02_odp.01 }};
2. When required due to {{ insert: param, cm-02_odp.02 }} ; and
3. When system components are installed or upgraded.
(b) (1) Guidance: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-CMT-02 | Redeployment Execute changes to _machine-based_ _information resources_ through redeployment of version controlled immutable resources rather than direct modification wherever possible. | Change Management |
| KSI-CNA-04 | Immutable Infrastructure Use immutable infrastructure with strictly defined functionality and privileges by default. | Cloud Native Architecture |
| KSI-CNA-07 | Best Practices _Persistently_ ensure cloud-native _machine-based_ _information resources_ are implemented based on the host provider's best practices and documented guidance. | Cloud Native Architecture |
| KSI-MLA-05 | Evaluate Configuration _Persistently_ evaluate and test the configuration of _machine-based_ _information resources_, especially infrastructure as code. | Monitoring, Logging, and Auditing |
| KSI-SVC-04 | Configuration Automation Manage configuration of machine-based information resources using automation. | Service Configuration |