SID-OPS-05 — Secure Configuration Management
| Property | Value |
|---|---|
| Owner | platform |
| Category | process |
| CSF Function | govern |
| Group | Operational Controls |
Description
Formal secure configuration management process with materiality assessment. Deployment-time configuration changes are classified by impact and risk. Notification to certification body for material changes. Staged deployment process with rollback procedures.
Operator Responsibility
Implement secure configuration management for deployment-specific configuration, infrastructure changes, versioning, approval, rollback, and notification to certification body.
Framework Requirements
EUDI Security Requirements: WIN-8.4.3-Sec-02, CS-I.2-Change, CS-I.3-Load