Changes to Internet-facing assets are not assessed or tested to identify potential cybersecurity vulnerabilities arising from the change itself, prior to implementation
Context and Guidance: Internet-facing assets (such as networks, systems, and applications) may be accessible to anyone on the Internet, which can increase the level of attention that they receive from malicious threat actors.
As a result, you should test and validate changes affecting an Internet-facing asset, ensuring that the change does not introduce cybersecurity vulnerabilities that could be exploited.