SA-10 Developer Configuration Management

Control: The organization requires that information system developers create and implement a configuration management plan that controls changes to the system during development, tracks security flaws, requires authorization of changes, and provides documentation of the plan and its implementation.

Supplemental Guidance: This control also applies to the development actions associated with information system changes.

Control Enhancements: (0) None.

Baseline: LOW: Not Selected; MOD: Not Selected; HIGH: SA-10

Family: System and Services Acquisition

Class: Management

ISO 17799 mapping: 12.5.1, 12.5.2

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: 6.4.5