zydronium/manage.get.gov

mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-05 17:28:31 +02:00

Add compliance documentation to source control (#116 )

* add initial setup of compliance-trestle

2022-09-14 08:46:43 -04:00

1.8 KiB

Raw Blame History

implementation-status

control-origination

c-not-implemented

c-inherited-cloud-gov

c-inherited-cisa

c-common-control

c-system-specific-control

cm-3.2 - [catalog] Testing, Validation, and Documentation of Changes

Control Statement

Test, validate, and document changes to the system before finalizing the implementation of the changes.

Control guidance

Changes to systems include modifications to hardware, software, or firmware components and configuration settings defined in CM-6 . Organizations ensure that testing does not interfere with system operations that support organizational mission and business functions. Individuals or groups conducting tests understand security and privacy policies and procedures, system security and privacy policies and procedures, and the health, safety, and environmental risks associated with specific facilities or processes. Operational systems may need to be taken offline, or replicated to the extent feasible, before testing can be conducted. If systems must be taken offline for testing, the tests are scheduled to occur during planned system outages whenever possible. If the testing cannot be conducted on operational systems, organizations employ compensating controls.

Control assessment-objective

changes to the system are tested before finalizing the implementation of the changes; changes to the system are validated before finalizing the implementation of the changes; changes to the system are documented before finalizing the implementation of the changes.

What is the solution and how is it implemented?

Add control implementation description here for control cm-3.2

1.8 KiB Raw Blame History