The organization must document and gain approval from the Change Control Authority prior to migrating data to DoD operational networks.

From Test and Development Zone A Security Technical Implementation Guide

Part of ENTD0120 - Applications moving to operational networks not approved.

Associated with IA controls: ECSC-1, ECSD-2, ECSD-1

SV-51469r1_rule The organization must document and gain approval from the Change Control Authority prior to migrating data to DoD operational networks.

Vulnerability discussion

Without the approval of the Change Control Authority, data moved from the test and development network into an operational network could pose a risk of containing malicious code or cause other unintended consequences to live operational data. Data moving into operational networks from final stage preparation must always be vetted and approved.

Check content

Review the change control documentation for the environment to determine whether the organization has prior approval to move data from the test and development environment to the operational network after final testing. If the organization does not keep a change control log or the log exists but is not current, this is a finding. If there isn't any application development occurring in the zone environment, this requirement is not applicable.

Fix text

Create a policy to document all finalized projects to gain approval by the Change Control Authority prior to deploying finalized projects to a DoD operational network.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer