CCC-04: Unauthorized Change Protection

Threats Addressed:

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: CCC-04: Unauthorized Software Installations.

Control Statement

Restrict the unauthorized addition, removal, update, and management of organization assets.

Implementation Guidance

The organization should establish procedures and implement technical measures to prevent and/or detect any unwanted/unauthorized changes (e.g., additions, removals, and updates) to organizational assets production, including applications, systems, infrastructure, configuration, etc.

Auditing Guidance

  1. Examine the policy relating to the authorisation of changes in assets.
  2. Examine the implementation of such policy, technical controls, and their effectiveness.

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.