The changes to the application must be assessed for IA and accreditation impact prior to implementation.

From Application Security and Development Security Technical Implementation Guide

Associated with: CCI-003173

SV-85003r1_rule The changes to the application must be assessed for IA and accreditation impact prior to implementation.

Vulnerability discussion

When changes are made to an application, either in the code or in the configuration of underlying components such as the OS or the web or application server, there is the potential for security vulnerabilities to be opened up on the system.IA assessment of proposed changes is necessary to verify security integrity is maintained within the application.

Check content

Interview the application and system administrators and determine if changes to the application are assessed for IA impact prior to implementation. Review the CCB process documentation to ensure potential changes to the application are evaluated to determine impact. An informal group may be tasked with impact assessment of upcoming version changes. If IA impact analysis is not performed, this is a finding.

Fix text

Review IA impact to the system prior to implementing changes.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.