Reference: CMMC 2.0
Level Introduced: 2
Title: Security Configuration Enforcement
Establish and enforce security configuration settings for information technology products employed in organizational systems.
Security-related configuration settings should be customized and included as part of an organization's baseline configurations for all information systems. These configuration settings should satisfy the organization's security requirements, and changes or deviations to the security settings should be documented. Organizations should document the security-related configuration settings and apply them to all systems once tested and approved. The configuration settings should reflect the most restrictive settings that are appropriate for the system. This ensures that information security is an integral part of an organization's configuration management process.
You are in charge of establishing baseline configurations for your organization's systems. As part of this, you document the most restrictive settings that still allow the system to function as required and apply this configuration to all applicable systems. This secure configuration, also known as a system lockdown, blocks unapproved applications from running on the system. The lockdown configuration aligns with your organization's security requirements.