CM-5(5)
-
Requirement
- Limit privileges to change system components and system-related information within a production or operational environment; and
- Review and reevaluate privileges [Assignment: organization-defined frequency].
-
Discussion
In many organizations, systems support multiple mission and business functions. Limiting privileges to change system components with respect to operational systems is necessary because changes to a system component may have far-reaching effects on mission and business processes supported by the system. The relationships between systems and mission/business processes are, in some cases, unknown to developers. System-related information includes operational procedures.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!