SA-10: Developer Configuration Management
NIST Baseline: Moderate
DIR Required By: 07/20/2023
Review Date: 08/08/2024
- The developers of information systems, system components, or information service shall:
- Perform configuration management during design, development, implementation, or operation;
- Document, manage, and control the integrity of changes;
- Implement only university or unit-approved changes;
- Document approved changes and the potential security impacts of such changes; and
- Track security flaws and flaw resolution and report findings to information owner or designee.
Note: All of the above should follow the process as defined in the Configuration Management family of controls within this catalog.