STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 3 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

CM-6

Configuration ManagementRev 4

Configuration Settings

CCI Identifiers (18)

CCI-000363The organization defines security configuration checklists to be used to establish and document configuration settings for the information system technology products employed.CCI-000364The organization establishes configuration settings for information technology products employed within the information system using organization-defined security configuration checklists.CCI-000365The organization documents configuration settings for information technology products employed within the information system using organization-defined security configuration checklists that reflect the most restrictive mode consistent with operational requirements.CCI-000366Implement the security configuration settings.CCI-000367Identify any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.CCI-000368Document any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.CCI-000369Approve any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.CCI-001503The organization controls changes to the configuration settings in accordance with organizational policies and procedures.CCI-001502The organization monitors changes to the configuration settings in accordance with organizational policies and procedures.CCI-001588The organization-defined security configuration checklists reflect the most restrictive mode consistent with operational requirements.CCI-001755Defines the system components for which any deviation from the established configuration settings are to be identified, documented, and approved.CCI-001756Defines the operational requirements on which the configuration settings for the organization-defined system components are to be based.CCI-003941Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using organization-defined common secure configurations.CCI-003942Defines the common secure configurations for establishing and documenting configuration settings within the system, that reflect the most restrictive mode consistent with operational requirements.CCI-003943Monitor changes to the configuration settings in accordance with organizational policies.CCI-003944Monitor changes to the configuration settings in accordance with organizational procedures.CCI-003945Control changes to the configuration settings in accordance with organizational policies.CCI-003946Control changes to the configuration settings in accordance with organizational procedures.

Linked STIG Checks (200)

Across 18 STIGs. Click to expand.