CCI-000314
CCI-000314 Definition
Approve or disapprove configuration-controlled changes to the system, with explicit consideration for security impact analyses.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed approves or disapproves configuration controlled changes to the information system with explicit consideration for security impact analysis. The organization must maintain an audit trail of approval/disapproval of configuration controlled changes. This action will be implemented by the CCB as defined in CM-3, CCI 1586.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the audit trail of the approval/disapproval of configuration controlled changes to ensure a security impact analysis was conducted.
Compelling Evidence
1.) Signed and dated configuration management policies