NIST CSF 2.0 · All Functions · PR Protect · PR.PS Platform Security

PR.PS-01

Configuration management practices are established and applied

Implementation examples

Ex1: Establish, test, deploy, and maintain hardened baselines that enforce the organization's cybersecurity policies and provide only essential capabilities (i.e., principle of least functionality)
Ex2: Review all default configuration settings that may potentially impact cybersecurity when installing or upgrading software
Ex3: Monitor implemented software for deviations from approved baselines

Mapped NIST 800-53 r5 controls (11)

CM-01 CM-02 CM-03 CM-04 CM-05 CM-06 CM-07 CM-08 CM-09 CM-10 CM-11

Mapped CWE weaknesses (6)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1256→P CWE-1391←F →P CWE-200←P CWE-269←P →P CWE-284←P →P CWE-287←P

All informative references (99)

AI-SOC: AI-SOC-08
AI-SOC: AI-SOC-22
CCMv4.0: AIS-02
CCMv4.0: AIS-04
CCMv4.0: AIS-05
CCMv4.0: AIS-06
CCMv4.0: CCC-01
CCMv4.0: CCC-02
CCMv4.0: CCC-06
CCMv4.0: CCC-07
CCMv4.0: IVS-04
CCMv4.0: IVS-06
CCMv4.0: UEM-05
CCMv4.0: UEM-06
CCMv4.0: UEM-07
CCMv4.0: UEM-09
CCMv4.0: UEM-10
CCMv4.0: UEM-11
CCMv4.0: UEM-12
CCMv4.0: UEM-13
CIS Controls v8.0: 4.1
CIS Controls v8.0: 4.2
CIS Controls v8.1: 4.1
CIS Controls v8.1: 4.2
CRI Profile v2.0: PR.PS-01
CRI Profile v2.0: PR.PS-01.01
CRI Profile v2.0: PR.PS-01.02
CRI Profile v2.0: PR.PS-01.03
CRI Profile v2.0: PR.PS-01.04
CRI Profile v2.0: PR.PS-01.05
CRI Profile v2.0: PR.PS-01.06
CRI Profile v2.0: PR.PS-01.07
CRI Profile v2.0: PR.PS-01.08
CRI Profile v2.0: PR.PS-01.09
CSF v1.1: PR.IP-1
CSF v1.1: PR.IP-3
CSF v1.1: PR.PT-2
CSF v1.1: PR.PT-3
Guardian-SDK: GS-CF-01
ISO/IEC 27001:2022: Mandatory Clause: 9.3
ISO/IEC 27001:2022: Annex A Controls: 8.9
NICE Framework: DD-WRL-001
NICE Framework: DD-WRL-002
NICE Framework: IO-WRL-005
NICE Framework: OG-WRL-013
NICE Framework: PD-WRL-004
OWASP Top 10 LLM Applications: LLM06-2025
OWASP Top 10 LLM Applications: LLM07-2025
OWASP Top 10 LLM Applications: LLM10-2025
PCI DSS: 2.2.1
PCI DSS: 2.2.2
SCF: CFG-01
SDOS: SDOS-GV-01
SDOS: SDOS-GV-04
SDOS: SDOS-IN-01
SP 800-171 Rev 3: 03.04.01
SP 800-171 Rev 3: 03.04.02
SP 800-171 Rev 3: 03.04.03
SP 800-171 Rev 3: 03.04.04
SP 800-171 Rev 3: 03.04.05
SP 800-171 Rev 3: 03.04.06
SP 800-171 Rev 3: 03.04.08
SP 800-171 Rev 3: 03.04.10
SP 800-171 Rev 3: 03.04.12
SP 800-171 Rev 3: 03.15.01
SP 800-53 Rev 5.1.1: CM-01
SP 800-53 Rev 5.1.1: CM-02
SP 800-53 Rev 5.1.1: CM-03
SP 800-53 Rev 5.1.1: CM-04
SP 800-53 Rev 5.1.1: CM-05
SP 800-53 Rev 5.1.1: CM-06
SP 800-53 Rev 5.1.1: CM-07
SP 800-53 Rev 5.1.1: CM-08
SP 800-53 Rev 5.1.1: CM-09
SP 800-53 Rev 5.1.1: CM-10
SP 800-53 Rev 5.1.1: CM-11
SP 800-53 Rev 5.2.0: CM-01
SP 800-53 Rev 5.2.0: CM-02
SP 800-53 Rev 5.2.0: CM-03
SP 800-53 Rev 5.2.0: CM-04
SP 800-53 Rev 5.2.0: CM-05
SP 800-53 Rev 5.2.0: CM-06
SP 800-53 Rev 5.2.0: CM-07
SP 800-53 Rev 5.2.0: CM-08
SP 800-53 Rev 5.2.0: CM-09
SP 800-53 Rev 5.2.0: CM-10
SP 800-53 Rev 5.2.0: CM-11
SP 800-81r3: 2.2.3
SP 800-81r3: 2.3.1
SP 800-81r3: 2.3.3
SP 800-81r3: 3.5.1
SP 800-81r3: 3.6.1
SP 800-81r3: 3.6.2
SP 800-81r3: 3.7.1
SP 800-81r3: 3.8.3
SP 800-81r3: 4.2.1.3
SP 800-81r3: 4.2.2
SSDF: PO.5.2
SSDF: PS.1.1

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).