CM-5(5)

  • Requirement

    1. Limit privileges to change system components and system-related information within a production or operational environment; and
    2. Review and reevaluate privileges [Assignment: organization-defined frequency].
  • Discussion

    In many organizations, systems support multiple mission and business functions. Limiting privileges to change system components with respect to operational systems is necessary because changes to a system component may have far-reaching effects on mission and business processes supported by the system. The relationships between systems and mission/business processes are, in some cases, unknown to developers. System-related information includes operational procedures.

More Info

  • Title

    Access Restrictions for Change | Privilege Limitation for Production and Operation
  • Family

    Configuration Management
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AC-2

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!