← Controls / SA

SA-10 Developer Configuration Management

System and Services Acquisition

Low Moderate High

Description

The organization requires that information system developers create and implement a configuration management plan that controls changes to the system during development, tracks security flaws, requires authorization of changes, and provides documentation of the plan and its implementation.\n

Supplemental Guidance

This control also applies to the development actions associated with information system changes.\n

Changes from Rev 4

Adds 'disposal' to parameter text selections Adds 'privacy' to control text

Enhancements

(0) None.\n

Compliance Mappings

ISO 27002:2022

8.308.32

CIS Controls v8

16.11

NIST CSF 2.0

ID.RA-09

ISO 17799 (legacy)

12.5.112.5.2

COBIT 4.1 (legacy)

None.