From Test and Development Zone C Security Technical Implementation Guide
Part of ENTD0110 - A change management policy is not implemented.
Associated with IA controls: DCII-1, DCPR-1
Change management is the formal review process that ensures that all changes made to a system or application receives formal review and approval. Change management reduces impacts from proposed changes that could possibly have interruptions to the services provided. Recording all changes for applications will be accomplished by a configuration management policy. The configuration management policy will capture the actual changes to software code and anything else affected by the change.
Interview the ISSM/ISSO to determine whether a current Change Control Management policy has been implemented in the organization. If a change management policy has not been created and implemented for the organization, this is a finding. If there isn't any application development occurring in the zone environment, this requirement is not applicable.
Create a change management policy for the organization for application and system development.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer