SA-08(31) Secure System Modification
Implement the security design principle of secure system modification in sa-08.31_odp.
|sa-08.31_odp||systems or system components|
The principle of secure system modification states that system modification maintains system security with respect to the security requirements and risk tolerance of stakeholders. Upgrades or modifications to systems can transform secure systems into systems that are not secure. The procedures for system modification ensure that if the system is to maintain its trustworthiness, the same rigor that was applied to its initial development is applied to any system changes. Because modifications can affect the ability of the system to maintain its secure state, a careful security analysis of the modification is needed prior to its implementation and deployment. This principle parallels the principle of secure evolvability.
Related controls 2
- CM-03 Configuration Change Control L M H P
- CM-04 Impact Analyses L M H P