CMMC 2.13
CMMC Practices
Each practice, grouped by domain and cross-referenced to the NIST controls that support it.
Domain: CM — Configuration Managementclear ✕
12 practices
CM
Configuration Management12CM.L2-3.4.1System Baselining1 refL2CM.L2-3.4.2Security Configuration Enforcement1 refL2CM.L2-3.4.3System Change Management1 refL2CM.L2-3.4.4Security Impact Analysis1 refL2CM.L2-3.4.5Access Restrictions for Change1 refL2CM.L2-3.4.6Least Functionality1 refL2CM.L2-3.4.7Nonessential Functionality1 refL2CM.L2-3.4.8Application Execution Policy1 refL2CM.L2-3.4.9User-Installed Software1 refL2CM.L3-3.4.1eAuthoritative RepositoryL3CM.L3-3.4.2eAutomated Detection & RemediationL3CM.L3-3.4.3eAutomated InventoryL3
Looking for the underlying standards? Browse NIST SP 800-171, 800-172 & 800-53 →