Navigate

CCI-001817

CCI-001817 Definition

The organization, when analyzing changes to the information system, looks for security impacts due to flaws, weaknesses, incompatibility, or intentional malice.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents within their process for analyzing changes to the information system, methods for identifying security impacts due to flaws, weaknesses, incompatibility, or intentional malice. The organization implements the documented process and must maintain a record of analysis.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and record of analysis to ensure the organization being inspected/assessed, when analyzing changes to the information system, looks for security impacts due to flaws, weaknesses, incompatibility, or intentional malice.

Compelling Evidence

1.) Documented methods for identifying security impacts due to flaws, weaknesses, incompatibility, or intentional malice

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001817.

Control	Description
CM-4 (1)	The organization analyzes changes to the information system in a separate test environment before implementation in an operational environment, looking for security impacts due to flaws, weaknesses, incompatibility, or intentional malice.