A configuration management (CM) process is implemented that includes requirements for:
1. Formally documented CM roles, responsibilities, and procedures to include the management of IA information and documentation;
2. A configuration control board that implements procedures to ensure a security review and approval of all proposed DoD information system changes, to include interconnections to other DoD information systems;
3. A testing process to verify proposed configuration changes prior to implementation in the operational environment; and
4. A verification process to provide additional assurance that the CM process is working effectively and that changes outside the CM process are technically or procedurally not permitted.
|MAC / CONF ||Impact ||Subject Area |
| MACI |
|High ||Security Design and Configuration |