SA-10 Developer Configuration Management
Control: The organization requires that information system developers create and implement a configuration management plan that controls changes to the system during development, tracks security flaws, requires authorization of changes, and provides documentation of the plan and its implementation.
Supplemental Guidance: This control also applies to the development actions associated with information system changes.
Control Enhancements: (0) None.
Baseline: LOW Not Selected MOD Not Selected HIGH SA-10
Family: System And Services Acquisition
ISO 17799 mapping: 12.5.1, 12.5.2
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 6.4.5