• Requirement

    1. Enforce access restrictions using [Assignment: organization-defined automated mechanisms]; and
    2. Automatically generate audit records of the enforcement actions.
  • Discussion

    Organizations log system accesses associated with applying configuration changes to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes.

More Info

  • Title

    Access Restrictions for Change | Automated Access Enforcement and Audit Records
  • Family

    Configuration Management
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!