Change logs include information about modifications that impact the cybersecurity requirements of assets
Context and Guidance: If tests for cybersecurity impact prior to deploying asset changes reveal that cybersecurity requirements (confidentiality, integrity, and availability) will be affected, those impacts should be described in change logs when the assets are changed. For example, if IP addressing schemes are changed within a network appliance, the change log should say something about how the availability of connected devices might be affected.
Related Practices • Input From: Implementing ARCHITECTURE-1f provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ASSET-4b, ASSET-4c, ASSET-4i.