A configuration management (CM) process is implemented that includes requirements for:

1. Formally documented CM roles, responsibilities, and procedures to include the management of IA information and documentation;
2. A configuration control board that implements procedures to ensure a security review and approval of all proposed DoD information system changes, to include interconnections to other DoD information systems;
3. A testing process to verify proposed configuration changes prior to implementation in the operational environment; and
4. A verification process to provide additional assurance that the CM process is working effectively and that changes outside the CM process are technically or procedurally not permitted.

MAC / CONF | Impact | Subject Area |
---|---|---|
MAC I, MAC II, MAC III | High | Security Design and Configuration |
Threat |
---|
Numerous security threats can be introduced to an information system when a proper CM process is not employed. A well-designed and well-implemented configuration management process provides a sound framework for an organization to manage and maintain DoD IA compliance. |
Guidance |
---|
Components shall establish a local configuration management (CM) process that includes consideration for the following: 1. Formally documented CM roles, responsibilities, and procedures to include the management of IA information and documentation; 2. A configuration control board that implements procedures to ensure a security review and approval of all proposed DoD information system changes, whether scheduled or emergency, to include interconnections to other DoD information systems; 3. A formal testing process to verify proposed configuration changes prior to implementation in the operational environment; and 4. A verification process to provide additional assurance that the CM process is working effectively and that changes outside the CM process are technically or procedurally not permitted. Techniques such as auditing and verification testing can enable this. |