FIPS 199 High Impact (for ICS) |
| Findings
Color Code |
| Satisfied |
| Other Than Satisfied - not assessed |
| Other Than Satisfied - failed
|
|
|
NIST SP 800-53A SA-10 .01
|
Question: Does an examination of acquisition contracts and service level agreements confirm that they require information system developers create and implement a configuration management plan that controls changes to the system during development, tracks security flaws, requires authorization of changes, and provides documentation of the plan and its implementation ? |
|
Answered by: BOSTON::BUCHANAN
As part of Manual Examination group: SYSTEM
|
Answer: YES
|
|
|
This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.
|