Mechanisms exist to perform after-the-fact reviews of configuration change logs to discover any unauthorized changes.
Control Question
Assessment question for control validation
Does the organization perform after-the-fact reviews of configuration change logs to discover any unauthorized changes?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Core Control Designations
Special designations and baseline inclusions
ESP Level 2: CHG-04.1
ESP Level 3: CHG-04.1