NIST SP 800-171 & CMMC 2.0 3.4.4 Requirement:

Analyze the security impact of changes prior to implementation.

NIST SP 800-171 & CMMC 2.0 3.4.4 Requirement Explanation:

Failing to analyze changes for potential security impacts may result in the deployment of a change that negatively affects confidentiality, integrity, or availability. Reviewing changes for security impacts before they are implemented lets you avoid this.

Example NIST SP 800-171 & CMMC 2.0 3.4.4 Implementation:

Before implementing a change, create a plan and submit it to your change control board so the board can identify any potential security impacts. If the board identifies any potential issues, update your plan and resubmit it for approval.

NIST SP 800-171 & CMMC 2.0 3.4.4 Scenario(s):

- Scenario 1:

Alice, a system administrator, wants to uninstall the anti-malware software from her company's file server. Alice wants to do this because the anti-malware software is consuming RAM on the server. She proposes this change to the change control board. The board rejects the proposal because it will negatively impact security. The board tells Alice to upgrade the RAM on the server instead of uninstalling the anti-malware software.
 
