CM-3(4) - Configuration Change Control | Security and Privacy Representatives

Require [Assignment: organization-defined security and privacy representatives] to be members of the [Assignment: organization-defined configuration change control element].


Informational References

ISO 27001

ID: CM-3(4)
Enhancement of : CM-3

Countermeasures Covered by Control

ID Name Description D3FEND

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes
The [organization] shall ensure security representatives are included in all change control board reviews and decisions.{CM-3(4),SA-10(7)}

Related SPARTA Techniques and Sub-Techniques

ID Name Description