3.4
Configuration Management
9 controls · 6 weighted 5 points · NIST SP 800-171 Rev 2
3.4.1Establish and maintain baseline configurations and inventories5 points
3.4.2Establish and enforce security configuration settings5 points
3.4.3Track, review, approve, and log changes to systems1 point
3.4.4Analyze the security impact of changes prior to implementation1 point
3.4.5Define, document, approve, and enforce access restrictions for changes5 points
3.4.6Employ the principle of least functionality5 points
3.4.7Restrict, disable, or prevent nonessential programs, functions, ports, protocols5 points
3.4.8Apply deny-by-exception / permit-by-exception policy for software (allowlisting)5 points
3.4.9Control and monitor user-installed software1 point
Estimate your SPRS score in 2 minutes
15 quick questions across the highest-impact controls — instant estimate, no signup.
Estimate my SPRS score →Source: NIST SP 800-171 Rev 2 (public domain) · SPRS weighting per the DoD Assessment Methodology