Navigate

CCI-001818

CCI-001818 Definition

The organization analyzes changes to the information system in a separate test environment before installation in an operational environment.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and employs a policy to analyze changes to the information system in a separate test environment before installation in an operational environment, looking for security impacts due to flaws, weaknesses, incompatibility, or intentional malice. The organization must maintain records of analysis of changes to the information system.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented policy for analyzing changes as well as records of analysis to ensure the organization being inspected/assessed analyzes changes to the information system in a separate test environment before installation in an operational environment, looking for security impacts due to flaws, weaknesses, incompatibility, or intentional malice.

Compelling Evidence

1.) Signed and dated policy to analyze changes to the information system in a separate test environment before installation in an operational environment, looks for security impacts due to flaws, weaknesses, incompatibility, or intentional malice. 2.) Records of analysis

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001818.

Control	Description
CM-4 (1)	The organization analyzes changes to the information system in a separate test environment before implementation in an operational environment, looking for security impacts due to flaws, weaknesses, incompatibility, or intentional malice.