The organization documents a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.
No STIG checks reference this CCI.