Part 7: Configuration Management (CM)

A few questions for you and your cyber team: Do the diagrams (e.g. System Boundary, Data Flow) match the inventory? System diagrams often out-of-date as they are typically created using specialized software not availble to cyber professionals to update when system documentation (software and hardware lists) is reviewed/updated. Also, what system changes require a security impact analysis? No to in-version upgrades such as 14.0.1 to 14.0.2 but yes to the deployment of new features? Most importantly, does your team know your requirements?.  VIdeo