CCI-000700

Provide an alternate configuration management process using organizational personnel in the absence of a dedicated developer configuration management team.

Implementation Guidance

The organization being inspected/assessed, in the absence of a dedicated software developer configuration management team, establishes an alternate configuration management process that is staffed with appropriate key organizational personnel.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the Configuration Control Board (CCB) charter to determine if the organization, in the absence of a dedicated software developer configuration management team, has established an alternate configuration management process that is staffed with key organizational personnel.

Compelling Evidence

1.) Configuration Control Board (CCB). 2.) Continuous monitoring plan must document if there is an alternate configuration management process and if so, it must be staffed with key organizational personnel.

The controls below (if any) were marked by NIST as being related to CCI-000700.