CM-5 (2) Access Restrictions For Change | Review System Changes
The organization reviews information system changes [Assignment: organization-defined frequency] and [Assignment: organization-defined circumstances] to determine whether unauthorized changes have occurred.
Applicable CNSSI 1253 Baselines
Confidentiality
- L
- M
- H
Integrity
- L
- M
- H
Availability
- L
- M
- H
Supplemental Guidance
Indications that warrant review of information system changes and the specific circumstances justifying such reviews may be obtained from activities carried out by organizations during the configuration change process.