STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 7 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

CM-1

Configuration ManagementRev 5

Policy and Procedures

CCI Identifiers (26)

CCI-000286Defines the frequency with which to review and update the configuration management policies.CCI-000287Develop and document an organization-level; mission/business process-level; and/or system-level configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.CCI-000288The organization disseminates formal, documented configuration management policy to elements within the organization having associated configuration management roles and responsibilities.CCI-000289Review and update, on an organization-defined frequency, the configuration management policy.CCI-000290Develop and document procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level configuration management policy and the associated configuration management controls.CCI-000291The organization disseminates formal, documented procedures to facilitate the implementation of the configuration management policy and associated configuration management controls.CCI-000292Review and update, on an organization-defined frequency, the procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level configuration management policy and associated configuration management controls.CCI-001584Defines the frequency with which to review and update configuration management procedures.CCI-001820The organization documents a configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.deprecated CCI-001821Defines the organizational personnel or roles to whom the organization-level; mission/business process-level; and/or system-level configuration management policy is to be disseminated.CCI-001822Disseminate the organization-level; mission/business process-level; and/or system-level configuration management policy to organization-defined personnel or roles.CCI-001823The organization documents the procedures to facilitate the implementation of the configuration management policy and associated configuration management controls.deprecated CCI-001824Defines the organizational personnel or roles to whom the organization-level; mission/business process-level; and/or system-level configuration management procedures are to be disseminated.CCI-001825Disseminate to organization-defined personnel or roles the procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level configuration management policy and associated configuration management controls.CCI-003897Develop and document an organization-level; mission/business process-level; and/or system-level configuration management policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.CCI-003898Defines the official to manage the development, documentation, and dissemination of the configuration management policy.CCI-003899Designate an organization-defined official to manage the development and documentation of the configuration management policy.CCI-003900Designate an organization-defined official to manage the dissemination of the configuration management policy.CCI-003901Defines the official to manage the development, documentation, and dissemination of the configuration management procedures.CCI-003902Designate an organization-defined official to manage the development and documentation of the configuration management procedures.CCI-003903Designate an organization-defined official to manage the dissemination of the configuration management procedures.CCI-003904Review and update the configuration management policy following organization-defined events.CCI-003905Defines the events for when the policy will be reviewed and updated.CCI-003906Review and update, on an organization-defined frequency, the current configuration management procedures.CCI-003907Review and update the configuration management procedures following organization-defined events.CCI-003908Defines the events for when the procedures will be reviewed and updated.

Linked STIG Checks (1)

Across 1 STIGs. Click to expand.