Changes to higher priority assets are tested for cybersecurity impact prior to being deployed
Context and Guidance: Changes to an asset used in multiple services can meet an immediate need but cause a problem in other applications. Changes should be evaluated in a test environment to identify any impact of the proposed change on other assets and systems. Cybersecurity impact might include any effect on availability of an asset to authorised users, any weakening of protections, or unintended alterations of access control lists. For example, if a vendor pushes a new version of an operating system, the new OS should be tested in a controlled environment to determine whether any applications or services would be affected.
Related Practices • Input From: Implementing ASSET-1c provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ASSET-4a, ASSET-4d, ASSET-4e, ASSET-4f, ASSET-4h.