Navigate

CCI-000332

CCI-000332 Definition

The organization requires an information security representative to be a member of the organization-defined configuration change control element.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed requires an information security representative to be a member of the configuration control board. DoD has defined the configuration change control element as the configuration control board.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the membership list of the organization's configuration control board to ensure an information security representative is a member of the organization's configuration control board.

Compelling Evidence

1.) Membership list of the CCB, which identifies an information security representative as a member

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000332.

Control	Description
CM-3 (4)	The organization requires an information security representative to be a member of the [Assignment: organization-defined configuration change control element].