SA-10(2): Alternative Configuration Management
Control Family:
Parent Control:
Threats Addressed:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- SA-10(2): Alternative Configuration Management Processes
Control Statement
Provide an alternate configuration management process using organizational personnel in the absence of a dedicated developer configuration management team.
Supplemental Guidance
Alternate configuration management processes may be required when organizations use commercial off-the-shelf information technology products. Alternate configuration management processes include organizational personnel who review and approve proposed changes to systems, system components, and system services and conduct security and privacy impact analyses prior to the implementation of changes to systems, components, or services.