CM-03(04) Security and Privacy Representatives

Require cm-3.4_prm_1 to be members of the cm-03.04_odp.03.

Parameter ID Definition
cm-3.4_prm_1 organization-defined security and privacy representatives
cm-03.04_odp.01 security representatives
cm-03.04_odp.02 privacy representatives
cm-03.04_odp.03 configuration change control element



Information security and privacy representatives include system security officers, senior agency information security officers, senior agency officials for privacy, or system privacy officers. Representation by personnel with information security and privacy expertise is important because changes to system configurations can have unintended side effects, some of which may be security- or privacy-relevant. Detecting such changes early in the process can help avoid unintended, negative consequences that could ultimately affect the security and privacy posture of systems. The configuration change control element referred to in the second organization-defined parameter reflects the change control elements defined by organizations in [CM-3g](#cm-3_smt.g).