Navigate

CCI-000333

CCI-000333 Definition

The organization analyzes changes to the information system to determine potential security impacts prior to change implementation.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed analyzes changes to the information system to determine potential security impacts prior to change implementation. The organization must maintain records of analysis of changes to the information system.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the records of analyses to ensure the organization is conducting a security impact analysis of changes to the information system(s) prior to their implementation.

Compelling Evidence

1.) Signed and dated change management testing procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000333.

Control	Description
CM-4	The organization analyzes changes to the information system to determine potential security impacts prior to change implementation.