Mechanisms exist to include a cybersecurity and/or data protection representative in the configuration change control review process.
Control Question
Assessment question for control validation
Does the organization include a cybersecurity and/or data protection representative in the configuration change control review process?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: CHG-02.3
ESP Level 2: CHG-02.3
ESP Level 3: CHG-02.3
Errata & Additional Notes
- wordsmithed control
- renamed