Manage changes to endpoint operating systems, patch levels, and/or applications through the company's change management processes.
The organization should consider the following points:
- Changes should be managed strictly and consistently.
- Formal management responsibilities and procedures should facilitate satisfactory control of all changes to endpoint operating systems, patch levels, and/or applications, including:
- The identification and recording of significant changes.
- The planning and testing of changes.
- The assessment of the potential impacts (including security impacts) of such changes.
- The formal approval for proposed changes.
- The communication of change details to all respective stakeholders.
Fallback procedures and responsibilities should be defined and implemented, including guidelines for aborting and recovering from unsuccessful changes and unforeseen events.
- Examine the organization's change management policy for controls related to changes on endpoints.
- Determine if such controls are in place for making changes to production and infrastructure systems and if the controls are evaluated as effective.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.