UCF STIG Viewer Logo

DCCB-1 Control Board


Overview

All DoD information systems are under the control of a chartered configuration control board that meets regularly according to DCPR-1.

MAC / CONF Impact Subject Area
Low Security Design and Configuration

Details

Threat
Without a Configuration Control Board, arbitrary, unapproved, and undocumented changes and updates to information system baselines have the potential to negatively impact system integrity and availability.  A chartered Configuration Control Board provides a vetting process for technical review and formal approval of network changes to help prevent rogue system modifications.

Guidance
1. Each Component shall formally charter a CCB for the purpose of monitoring and controlling configuration changes within all information systems under its purview.
2. CCB members shall be appointed in writing for a specified period of time and their duties outlined by title, position, and system.
3. All decisions made by the CCB, including any changes to the system baseline, shall be documented and maintained in the appropriate configuration management system.

References

  • CJCSI - Information Assurance (IA) and Computer Network Defense (CND)
  • ANSI/EIA-649 “National Consensus Standard for Configuration Management”, July 1998