STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 7 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

CM-3

Configuration ManagementRev 5

Configuration Change Control

CCI Identifiers (15)

CCI-000313Determine and document the types of changes to the system that are configuration-controlled.CCI-000314Approve or disapprove configuration-controlled changes to the system, with explicit consideration for security impact analyses.CCI-000315The organization documents approved configuration-controlled changes to the system.CCI-000316Retain records of configuration-controlled changes to the system for an organization-defined time period.CCI-000317The organization reviews records of configuration-controlled changes to the system.CCI-000318Monitor and review activities associated with configuration-controlled changes to the system.CCI-000319Coordinate and provides oversight for configuration change control activities through an organization-defined configuration change control element that convenes at the organization-defined frequency, and/or for any organization-defined configuration change conditions.CCI-000320Defines the frequency with which to convene the configuration change control element.CCI-000321Defines configuration change conditions that prompt the configuration change control element to convene.CCI-001586Defines the configuration change control element responsible for coordinating and providing oversight for configuration change control activities.CCI-001740Review proposed configuration-controlled changes to the system.CCI-001741Document configuration change decisions associated with the system.CCI-001819Implement approved configuration-controlled changes to the system.CCI-002056Defines the time period the records of configuration-controlled changes are to be retained.CCI-003912Approve or disapprove configuration-controlled changes to the system, with explicit consideration for privacy impact analyses.

Linked STIG Checks (13)

Across 5 STIGs. Click to expand.