A current and comprehensive baseline inventory of all software (SW) (to include manufacturer, type, and version and installation manuals and procedures) required to support DoD information system operations is maintained by the CCB and as part of the C&A documentation. A backup copy of the inventory is stored in a fire-rated container or otherwise not collocated with the original.
MAC / CONF | Impact | Subject Area |
---|---|---|
MACI MACII MACIII | High | Security Design and Configuration |
Threat |
---|
Without a comprehensive software baseline, it may not be possible to identify unauthorized changes to system software or to successfully rebuild network equipment after facility loss. Maintaining a SW baseline allows for periodic software consistency checks and dependable system rebuilds. |
Guidance |
---|
1. Each Component shall develop a current and comprehensive baseline inventory of all software (SW). 2. At a minimum the baseline shall include manufacturer, type, model, physical location and network topology or architecture required to support enclave operations. 3. Physical and logical location of software shall be recorded. 4. The baseline shall be maintained by the Configuration Control Board (CCB) and as part of the system security documentation. 5. A current and comprehensive backup copy of the inventory shall be stored in a fire-rated container or otherwise not collocated with the original. 6. Regular updates to the SW baseline shall be managed through the CCB. 7. The SW baseline shall be validated during turnover of duties to include but not limited to: management and operations. 8. The SW baseline shall be validated not less then annually. |