Back

Disseminate and communicate the configuration management procedures to interested personnel and affected parties.


CONTROL ID
14139
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain configuration management procedures., CC ID: 14074

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Personnel are advised of security risks associated with posting personal information to online services and are encouraged to use any available privacy settings to restrict who can view such information. (Security Control: 0821; Revision: 3, Australian Government Information Security Manual, March 2021)
  • Personnel are advised of security risks associated with posting personal information to online services and are encouraged to use any available privacy settings to restrict who can view such information. (Control: ISM-0821; Revision: 3, Australian Government Information Security Manual, June 2023)
  • Personnel are advised of security risks associated with posting personal information to online services and are encouraged to use any available privacy settings to restrict who can view such information. (Control: ISM-0821; Revision: 3, Australian Government Information Security Manual, September 2023)
  • Known to all affected parties. (2.1.1 Bullet 4, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Known to all affected parties. (2.1.1 Bullet 4, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Known to all affected parties. (2.1.1 Bullet 4, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Known to all affected parties. (2.1.1 Bullet 4, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Known to all affected parties. (2.1.1 Bullet 4, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Known to all affected parties. (2.1.1 Bullet 4, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., FedRAMP Security Controls High Baseline, Version 5)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., FedRAMP Security Controls Low Baseline, Version 5)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; (CM-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., TX-RAMP Security Controls Baseline Level 1)
  • Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and (CM-1a.2., TX-RAMP Security Controls Baseline Level 2)