Navigate

SA-10 (2)

SA-10 (2): Alternative Configuration Management Processes

The organization provides an alternate configuration management process using organizational personnel in the absence of a dedicated developer configuration management team.

Supplemental

Alternate configuration management processes may be required, for example, when organizations use commercial off-the-shelf (COTS) information technology products. Alternate configuration management processes include organizational personnel that: (i) are responsible for reviewing/approving proposed changes to information systems, system components, and information system services; and (ii) conduct security impact analyses prior to the implementation of any changes to systems, components, or services (e.g., a configuration control board that considers security impacts of changes during development and includes representatives of both the organization and the developer, when applicable).

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Space Platform

Related Controls

The controls below (if any) were marked by NIST as being related to SA-10 (2).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SA-10 (2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-10 (2).

CCI	Definition
CCI-000700	The organization provides an alternate configuration management process using organizational personnel in the absence of a dedicated developer configuration management team.