UCF STIG Viewer Logo

DCCB-2 Control Board


All information systems are under the control of a chartered Configuration Control Board that meets regularly according to DCPR-1. The IAM is a  voting member of the CCB.

MAC / CONF Impact Subject Area
Medium Security Design and Configuration


Without a Configuration Control Board, arbitrary, unapproved, and undocumented changes and updates to information system baselines have the potential to negatively impact system integrity and availability.  A chartered Configuration Control Board provides a vetting process for technical review and formal approval of network changes to help prevent rogue system modifications.

1. Each Component shall formally charter a CCB for the purpose of monitoring and controlling configuration changes within all information systems under its purview.
2. CCB members shall be appointed in writing for a specified period of time and their duties outlined by title, position, and system.
3. The IAM shall be a regular, voting member of the CCB.*
4. All decisions made by the CCB, including any changes to the system baseline, shall be documented and maintained in the appropriate configuration management system.
* Note: This requirement is more stringent than DCCB-1


  • CJCSI - Information Assurance (IA) and Computer Network Defense (CND)
  • ANSI/EIA-649 “National Consensus Standard for Configuration Management”, July 1998