
CM-3(4) Configuration Change Control

PBMM (P2)
Secret (P2)
Operational

>Control Description

CONFIGURATION CHANGE CONTROL | SECURITY REPRESENTATIVE

The organization requires an information security representative to be a member of the organization-defined configuration change control element.

>Supplemental Guidance

Information security representatives can include, for example, senior agency information security officers, information system security officers, or information system security managers. Representation by personnel with information security expertise is important because changes to information system configurations can have unintended side effects, some of which may be security-relevant. Detecting such changes early in the process can help avoid unintended, negative consequences that could ultimately affect the security state of organizational information systems.

The configuration change control element in this control enhancement reflects the change control elements defined by organizations in CM-3.

>Tailoring Guidance

This security control/enhancement is considered to be best practice. Consequently, inclusion in a departmental profile is strongly encouraged in most cases.
