Immutable base images plus systemd sysext/confext overlays have quietly become the standard for fleet-managed Linux in 2026. They also created a persistence surface most SOCs are not yet watching.
RMF Control CM-4: Impact Analyses requires organizations to perform impact analyses to identify and assess the potential impacts of changes to information systems on security and privacy. This includes assessing the impacts of changes on the security controls that are in place to protect the information system and its data. Supplemental Guidance The Risk Management …
RMF Control CM-6: Configuration Settings requires organizations to establish and document configuration settings for information systems and their components that reflect the most restrictive mode consistent with operational requirements; implement the configuration settings; identify, document, and approve any deviations from established configuration settings; and monitor and control changes to the configuration settings in accordance with …
