Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
DCCB-1 Control Board
Overview
All DoD information systems are under the control of a chartered configuration control board that meets regularly according to DCPR-1.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| Low | Security Design and Configuration |
Details
| Threat |
|---|
| Without a Configuration Control Board, arbitrary, unapproved, and undocumented changes and updates to information system baselines have the potential to negatively impact system integrity and availability. A chartered Configuration Control Board provides a vetting process for technical review and formal approval of network changes to help prevent rogue system modifications. |
| Guidance |
|---|
| 1. Each Component shall formally charter a CCB for the purpose of monitoring and controlling configuration changes within all information systems under its purview. 2. CCB members shall be appointed in writing for a specified period of time and their duties outlined by title, position, and system. 3. All decisions made by the CCB, including any changes to the system baseline, shall be documented and maintained in the appropriate configuration management system. |
References
- CJCSI - Information Assurance (IA) and Computer Network Defense (CND)
- ANSI/EIA-649 “National Consensus Standard for Configuration Management”, July 1998