FIPS 199 High Impact (for ICS) |
| Findings
Color Code |
| Satisfied |
| Other Than Satisfied - not assessed |
| Other Than Satisfied - failed
|
|
|
NIST SP 800-53A CM-03(ICS-01) .01
|
Question: Does a review of change control records and the ICS audit records for a period of 3 months (starting 4 months ago) show that the organization tests, validates, and documents changes (e.g., patches and updates) before implementing the changes on the operational ICS ? |
|
Answered by: BOSTON::FORD
As part of Manual Examination group: AUDIT
|
Answer: YES
|
|
|
This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.
|