CCC-05: Production Changes

Control Family:

Change Control & Configuration Management

CSF v1.1 References:

PR.DS-7
PR.IP-3
DE.CM-1
DE.CM-7
RS.AN-1

PF v1.0 References:

PR.PO-P2
PR.DS-P7

Threats Addressed:

Tampering
Elevation of Privilege

Control Statement

Policies and procedures shall be established for managing the risks associated with applying changes to:
Business-critical or customer (tenant)-impacting (physical and virtual) applications and system-system interface (API) designs and configurations.
Infrastructure network and systems components. Technical measures shall be implemented to provide assurance that all changes directly correspond to a registered change request, business-critical or customer (tenant), and/or authorization by, the customer (tenant) as per agreement (SLA) prior to deployment.
from Cloud Controls Matrix

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4