| 1. A CM plan shall be established and implemented, and the CM plan shall include how software change requests are prepared, submitted, processed, and tracked. |
2. The IAM/IAO and the site’s lead developer/programmer shall authorize and document the roles, responsibilities, and privileges for all personnel allowed to make software development changes.
3. Systems shall include technical features that implement a role-based access scheme to assure program modifications are made by authorized personnel.
4. The software developer’s user accounts shall be limited to the minimum number of permissions needed to perform their assigned duties.