Statement

West Texas A&M University must control changes to the information systems to determine potential security impacts prior to change implementation.

Applicability

This control applies to all West Texas A&M network information resources. The intended audience for this control includes all information resource owners, custodians, and users of information resources.

Implementation

• Information resource owners or their designee are responsible for determining the types of changes that are configuration-controlled as specified in Control CM-3 Configuration Change Control.
  • Configuration-controlled changes to High or Moderate Impact Information Resources should be tested, validated, and documented before finalizing their implementation.