🏢 1. Organization Information
| Organization Name | |
|---|---|
| Location | |
| Employee Count | |
| Primary Mission | |
| CMMC Level Required | |
| Plan Version | |
| Effective Date | |
| Review Cycle | |
📋 2. Executive Summary
🔒 3. CMMC 2.0 Configuration Management Controls
Update each control's implementation status and add a brief description of how your organization implements it.
| Control ID | Control Name & Description | Implementation Status | Priority |
|---|---|---|---|
👥 4. Roles and Responsibilities
Configuration Control Board (CCB)
List every member of the CCB with their role, name, and primary responsibilities. The CCB is responsible for reviewing and approving all configuration changes.
Configuration Management Team
List each CM team member with their role and daily responsibilities for implementing and maintaining configurations.
Roles & Responsibilities Matrix
⚙️ 5. Configuration Baselines (NIST 3.4.1 & 3.4.2)
CUI Processing Systems — Baseline Inventory
Document each CUI-processing system with its baseline configuration standard. Include OS version, hardening benchmark applied, and encryption status.
Security Configuration Standards
Baseline Documentation and Version Control
🔄 6. Change Control Procedures (NIST 3.4.5 & 3.4.6)
Change Classification
| Change Type | Approval Authority | Documentation Required | Testing Required |
|---|---|---|---|
Change Request Process (Step-by-Step)
Document each step in your change request and approval workflow.
Security Impact Analysis (NIST 3.4.6)
📊 7. Monitoring and Compliance (NIST 3.4.8)
Automated Monitoring Tools
Compliance Monitoring Schedule
| Activity | Frequency | Responsible Party | Output / Documentation |
|---|---|---|---|
💻 8. Software and Access Control (NIST 3.4.4 & 3.4.7)
Approved Software List
Document every application authorized for use on CUI-processing systems. Include version/edition, purpose, and authorization basis.
Least Functionality (NIST 3.4.3)
Change Access Restrictions (NIST 3.4.7)
🚨 9. Configuration Incident Response
Unauthorized Configuration Change Response
Emergency Change Procedures
🎓 Training and Awareness
Required Training Programs
📈 10. Continuous Improvement
Performance Metrics
| Metric | Target | Current Status | Reporting Frequency |
|---|---|---|---|
Review and Update Schedule
Plan Approval and Signature
| Role | Name | Signature / Approval | Date |
|---|---|---|---|