CM-5(1): Access Restrictions for Change | Automated Access Enforcement and Audit Records

CM-5(1): Access Restrictions for Change | Automated Access Enforcement and Audit Records ()

(a) Enforce access restrictions using [Assignment: organization-defined automated mechanisms]; and 
(b) Automatically generate audit records of the enforcement actions.


Control Identifier	CM-5(1)
Latest Sync Date	19/12/24 09:18:14
Discussion	Organizations log system accesses associated with applying configuration changes to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes.
Related Controls	AU-2, AU-6, AU-7, AU-12, CM-6, CM-11, SI-12.



NIST 800-53 Controls Catalogue