CCI-000333
CCI-000333 Definition
Analyze changes to the system to determine potential security impacts prior to change implementation.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed analyzes changes to the information system to determine potential security impacts prior to change implementation. The organization must maintain records of analysis of changes to the information system.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the records of analyses to ensure the organization is conducting a security impact analysis of changes to the information system(s) prior to their implementation.
Compelling Evidence
1.) Signed and dated change management testing procedures