CCI-001499

Implementation Guidance

Determine if privileges to change software resident within software libraries are limited.

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing access restrictions for changes to the system; configuration management plan; system design documentation; system architecture and configuration documentation; system configuration settings and associated documentation; system component inventory; change control records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for managing access restrictions to change; mechanisms supporting and/or implementing access restrictions for change].