CM-5.1: Automated Access Enforcement and Audit Records

access restrictions for change are enforced using automated mechanisms ;

audit records of enforcement actions are automatically generated.

Configuration management policy

procedures addressing access restrictions for changes to the system

system design documentation

system architecture and configuration documentation

system configuration settings and associated documentation

change control records

system audit records

system security plan

other relevant documents or records

Organizational personnel with logical access control responsibilities

organizational personnel with physical access control responsibilities

organizational personnel with information security responsibilities

system/network administrators

Organizational processes for managing access restrictions to change

automated mechanisms implementing the enforcement of access restrictions for changes to the system

automated mechanisms supporting auditing of enforcement actions