CMMC 1.0 Practice CM.2.066 Requirement:

Analyze the security impact of changes prior to implementation.

CMMC 1.0 CM.2.066 Requirement Explanation:

Failing to analyze changes for potential security impacts could result in the deployment of a change that increases cyber risk. By reviewing change for security impacts your can avoid this.

Example CMMC 1.0 CM.2.066 Implementation:

Before implementing a change create a plan and submit it to your change control board to identify any potential security impacts. If they identify any potential issues update your plan and resubmit it for approval.

CMMC 1.0 CM.2.066 Scenario(s):

- Scenario 1:

Alice, a system administrator wants to uninstall the anti-malware software from her company's file server. Alice wants to do this because the anti-malware software is consuming RAM on the server. She proposes this change to the change control board. The board rejects the proposal because it would have negative impacts on security. The board tells Alice to upgrade the RAM on the server instead of uninstalling the anti-malware software.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.