CMMC Practice - CM.2.061
Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
CMMC Practice - CM.2.062
Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
CMMC Practice - CM.2.063
Control and monitor user-installed software.
CMMC Practice - CM.2.064
Establish and enforce security configuration settings for information technology products employed in organizational systems
CMMC Practice - CM.2.065
Track, review, approve, or disapprove, and log changes to organizational systems.
CMMC Practice - CM.2.066
Analyze the security impact of changes prior to implementation.
CMMC Practice - CM.3.067
Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.
CMMC Practice - CM.3.068
Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.
CMMC Practice - CM.3.069
Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.