NIST SP 800-171 & CMMC 2.0 Control 3.4.4 Requirement:

Analyze the security impact of changes prior to implementation.

NIST SP 800-171 & CMMC 2.0 3.4.4 Requirement Explanation:

Failing to analyze changes for potential security impacts may result in the deployment of a change that negatively affects confidentiality, integrity, or availibility. By reviewing change for security impacts you can avoid this.

Example NIST SP 800-171 & CMMC 2.0 3.4.4 Implementation:

Before implementing a change create a plan and submit it to your change control board to identify any potential security impacts. If they identify any potential issues update your plan and resubmit it for approval.

NIST SP 800-171 & CMMC 2.0 3.4.4 Scenario(s):

- Scenario 1:

Alice, a system administrator wants to uninstall the anti-malware software from her company's file server. Alice wants to do this because the anti-malware software is consuming RAM on the server. She proposes this change to the change control board. The board rejects the proposal because it will negatively impact security. The board tells Alice to upgrade the RAM on the server instead of uninstalling the anti-malware software.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.