{"id":1121,"date":"2024-07-16T21:43:16","date_gmt":"2024-07-16T21:43:16","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1121"},"modified":"2024-09-06T21:22:21","modified_gmt":"2024-09-06T21:22:21","slug":"cm-3-configuration-change-control","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/configuration-management-cm\/cm-3-configuration-change-control\/","title":{"rendered":"CM-3: Configuration Change Control"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CM-3: Configuration Change Control<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>11\/18\/2024&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>TAMUS Required By:<\/strong> &nbsp;08\/01\/2022&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>06\/26\/2024&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Information resource owners or their designees are responsible for determining and documenting the types of changes that are configuration-controlled in the change control process for the information systems under their control, in accordance with Texas Department of Information Resources (DIR) Security Control Standard requirements. 
The change control process should address:&nbsp;&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>How changes are identified, classified, prioritized, and requested;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Identification and deployment of emergency changes;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Assessing potential impacts from changes;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Authorizing changes and exceptions; and&nbsp;&nbsp;<\/li>\n\n\n\n<li>Implementing changes and planning for back-outs.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Configuration-controlled changes must:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Be documented, including approval decisions, a date and timeframe for the change, and the result after the change is made;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Be reviewed to consider their potential impact to users, stability of the system and dependent resources, and impact to security and privacy, and then be approved or disapproved; and&nbsp;&nbsp;<\/li>\n\n\n\n<li>Have appropriate communications and coordination with anyone who will be impacted.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Coordination and oversight of configuration change control activities are conducted through the weekly Change Advisory Board (CAB), which convenes, documents, and tracks changes.&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p>None.&nbsp; See any applicable internal procedures.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CM-3: Configuration Change Control NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;11\/18\/2024&nbsp; TAMUS Required By: &nbsp;08\/01\/2022&nbsp; Review Date: &nbsp;06\/26\/2024&nbsp; References\/Additional Resources None.&nbsp; See any applicable internal 
procedures.&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1390,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1121","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 16, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 16, 2024 9:43 pm","modified":"Updated on September 6, 2024 9:22 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1121"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1121\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1390"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/securit
y-controls-catalog\/wp-json\/wp\/v2\/media?parent=1121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}