SA-10(07) Security and Privacy Representatives
Require sa-10.7_prm_1 to be included in the sa-10.7_prm_2.
|sa-10.7_prm_1||organization-defined security and privacy representatives|
|sa-10.7_prm_2||organization-defined configuration change management and control process|
|sa-10.07_odp.03||configuration change management and control processes|
|sa-10.07_odp.04||configuration change management and control processes|
Information security and privacy representatives can include system security officers, senior agency information security officers, senior agency officials for privacy, and system privacy officers. Representation by personnel with information security and privacy expertise is important because changes to system configurations can have unintended side effects, some of which may be security- or privacy-relevant. Detecting such changes early in the process can help avoid unintended, negative consequences that could ultimately affect the security and privacy posture of systems. The configuration change management and control process in this control enhancement refers to the change management and control process defined by organizations in [SA-10b](#sa-10_smt.b).