>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CM-1Policy And Procedures

>Control Description

Configuration management impacts nearly every aspect of the supply chain. Configuration management is critical to the enterprise’s ability to establish the provenance of components, including tracking and tracing them through the SDLC and the supply chain. A properly defined and implemented configuration management capability provides greater assurance throughout the SDLC and the supply chain that components are authentic and have not been inappropriately modified. When defining a configuration management policy and procedures, enterprises should address the full SDLC, including procedures for introducing and removing components to and from the enterprise’s information system boundary. A configuration management policy should incorporate configuration items, data retention for configuration items and corresponding metadata, and tracking of the configuration item and its metadata. The enterprise should coordinate with suppliers, developers, system integrators, external system service providers, and other ICT/OT-related service providers regarding the configuration management policy.

>Cross-Framework Mappings

SCF

CFG-01
Compare
GOV-03
Compare
GOV-02
Compare

Ask AI

Configure your API key to use AI features.