Reference: CMMC 2.0
Family: CM
Level Introduced: 2
Title: Security Impact Analysis
Practice:
Analyze the security impact of changes prior to implementation.
CMMC Clarification:
You should analyze the potential security impact of changes before implementing them. Changes to complex environments can cause unforeseen problems to systems and environments. You should perform an analysis that focuses on the security impact of changes. This can uncover potential problems before you implement the change. By doing so, you can help mitigate unforeseen problems.
Example:
Someone requests major changes to the system and environment. You must complete a process with several steps before you can put the change in place. You document a detailed plan that includes the security impact of the change. An SME who did not submit the change reviews the plan. That SME tries to identify security-related issues that the change may cause. Then, they document or correct the potential issues. They also submit the updated change plan to your organization's change control board.