CCI-000350

The organization reviews information system changes upon organization-defined circumstances to determine whether unauthorized changes have occurred.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to review the information system changes when there is an incident or when planned changes have been performed to determine whether unauthorized changes have occurred. The organization must maintain this review as an audit trail. DoD has defined the circumstances as when there is an incident or when planned changes have been performed.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of reviews to ensure the organization being inspected/assessed reviews the information system changes when there is an incident or when planned changes have been performed to determine whether unauthorized changes have occurred. DoD has defined the circumstances as when there is an incident or when planned changes have been performed.

Compelling Evidence

1.) Signed and dated configuration management policy, which documents a process to review information system changes when there is an incident or when planned changes have been performed to determine whether unauthorized changes have occurred 2.) Sample of this process

The controls below (if any) were marked by NIST as being related to CCI-000350.