E.3.6 Monitor changes to configuration settings

Control Details

Objective

Prevent tampering with information systems and networks by monitoring changes to configuration settings.

Definition

Monitor and audit configuration settings and change controls within the information systems and networks throughout the SDLC. Changes should be tested and approved before being implemented. Configuration settings should be monitored so designated employees can be alerted when a change has occurred.

Assessment Questions

  1. What kind of monitoring and auditing of changes to configuration settings is in place?
  2. Which designated employees are alerted when an unauthorized change occurs?

Reference sources

  1. NIST SP 800-161: CM-3, CM-6