CM-4: Impact Analysis

NIST Baseline:  Low 

Privacy Baseline:  Yes 

DIR Required By:  07/20/2023 

Review Date:  06/26/2024 

1. Information resource custodians are responsible for ensuring that changes are analyzed to determine if there are potential security or privacy impacts before implementation. 

2. All changes to security-related information resources shall be approved by the information owner through a documented change control process. 

---

References/Additional Resources

1 TAC § 202.22  

1 TAC § 202.72