CHG
Change Management
19 controls
Manage change in a sustainable and ongoing manner that involves active participation from both technology and business stakeholders to ensure that only authorized changes occur.
| SCF # | Control Name | Weight |
|---|---|---|
| CHG-01 | Change Management Program | 10 — Critical |
| CHG-02 | Configuration Change Control | 8 — High |
| CHG-02.1 | Prohibition Of Changes | 10 — Critical |
| CHG-02.2 | Test, Validate & Document Changes | 9 — Critical |
| CHG-02.3 | Cybersecurity & Data Protection Representative for Asset Lifecycle Changes | 7 — High |
| CHG-02.4 | Automated Security Response | 5 — Medium |
| CHG-02.5 | Cryptographic Management | 5 — Medium |
| CHG-03 | Security Impact Analysis for Changes | 9 — Critical |
| CHG-04 | Access Restriction For Change | 8 — High |
| CHG-04.1 | Automated Access Enforcement / Auditing | 3 — Low |
| CHG-04.2 | Signed Components | 3 — Low |
| CHG-04.3 | Dual Authorization for Change | 6 — Medium |
| CHG-04.4 | Permissions To Implement Changes | 6 — Medium |
| CHG-04.5 | Library Privileges | 8 — High |
| CHG-05 | Stakeholder Notification of Changes | 9 — Critical |
| CHG-06 | Control Functionality Verification | 9 — Critical |
| CHG-06.1 | Report Verification Results | 5 — Medium |
| CHG-07 | Emergency Changes | 9 — Critical |
| CHG-07.1 | Documenting Emergency Changes | 7 — High |
The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.