CMMC 1.0 Practice CM.2.066 Requirement:
Analyze the security impact of changes prior to implementation.
CMMC 1.0 CM.2.066 Requirement Explanation:
Failing to analyze changes for potential security impacts could result in the deployment of a change that increases cyber risk. By reviewing change for security impacts your can avoid this.
Example CMMC 1.0 CM.2.066 Implementation:
Before implementing a change create a plan and submit it to your change control board to identify any potential security impacts. If they identify any potential issues update your plan and resubmit it for approval.
CMMC 1.0 CM.2.066 Scenario(s):
- Scenario 1:
Alice, a system administrator wants to uninstall the anti-malware software from her company's file server. Alice wants to do this because the anti-malware software is consuming RAM on the server. She proposes this change to the change control board. The board rejects the proposal because it would have negative impacts on security. The board tells Alice to upgrade the RAM on the server instead of uninstalling the anti-malware software.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.