SA-10(07) Security and Privacy Representatives

Require sa-10.7_prm_1 to be included in the sa-10.7_prm_2.

| Parameter ID | Definition |
| --- | --- |
| sa-10.7_prm_1 | organization-defined security and privacy representatives |
| sa-10.7_prm_2 | organization-defined configuration change management and control process |
| sa-10.07_odp.01 | security representatives |
| sa-10.07_odp.02 | privacy representatives |
| sa-10.07_odp.03 | configuration change management and control processes |
| sa-10.07_odp.04 | configuration change management and control processes |

Baselines

Guidance

Information security and privacy representatives can include system security officers, senior agency information security officers, senior agency officials for privacy, and system privacy officers. Representation by personnel with information security and privacy expertise is important because changes to system configurations can have unintended side effects, some of which may be security- or privacy-relevant. Detecting such changes early in the process can help avoid unintended, negative consequences that could ultimately affect the security and privacy posture of systems. The configuration change management and control process in this control enhancement refers to the change management and control process defined by organizations in [SA-10b](#sa-10_smt.b).