💼 SA-10 DEVELOPER CONFIGURATION MANAGEMENT

Description

The organization requires the developer of the information system, system component, or information system service to:

  • SA-10a. Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation];
  • SA-10b. Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management];
  • SA-10c. Implement only organization-approved changes to the system, component, or service;
  • SA-10d. Document approved changes to the system, component, or service and the potential security impacts of such changes; and
  • SA-10e. Track security flaws and flaw resolution within the system, component, or service and report findings to [Assignment: organization-defined personnel].

Similar

  • Internal
    • ID: dec-c-aa4bca84

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity
💼 NIST CSF v1.1 → 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality) 414
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented 66
💼 NIST CSF v1.1 → 💼 PR.IP-3: Configuration change control processes are in place 44

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SA-10 (1) SOFTWARE / FIRMWARE INTEGRITY VERIFICATION
💼 SA-10 (2) ALTERNATIVE CONFIGURATION MANAGEMENT PROCESSES
💼 SA-10 (3) HARDWARE INTEGRITY VERIFICATION
💼 SA-10 (4) TRUSTED GENERATION
💼 SA-10 (5) MAPPING INTEGRITY FOR VERSION CONTROL
💼 SA-10 (6) TRUSTED DISTRIBUTION