Back

Define the relationships and dependencies between Configurable Items.


CONTROL ID
02134
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Identify and document the system's Configurable Items., CC ID: 02133

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • You should have an accurate picture of the assets which make up the service, along with their configurations and dependencies. (5.1 ¶ 1, Cloud Security Guidance, 1.0)
  • Configuration items that are affected by changes to other configuration items should be automatically identified as such and listed in the configuration management system. (§ 13.1, ISO 15408-3 Common Criteria for Information Technology Security Evaluation Part 3, 2008)
  • Each Configuration Item record shall include the relationships between the Configuration Item and other configuration items. (§ 9.1 ¶ 1(b), ISO 20000-1, Information Technology - Service Management - Part 1: Service Management System Requirements, Second Edition)
  • The Configuration Item record shall include the relationships between the Configuration Item and the service components. (§ 9.1 ¶ 1(c), ISO 20000-1, Information Technology - Service Management - Part 1: Service Management System Requirements, Second Edition)
  • Appropriate relationships and dependencies between configuration items should be identified to provide the necessary level of control. (§ 9.1.2, ISO 20000-2 Information technology - Service Management Part 2, 2005)
  • relationship with other CIs; (§ 8.2.6 ¶ 2(d), ISO/IEC 20000-1:2018, Information technology — Service management —Part 1: Service management system requirements, Third Edition)
  • Perform Windows registry analysis. (T0397, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Identify components or elements, allocate comprehensive functional components to include security functions, and describe the relationships between the elements. (T0480, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Specify which tools or tool types must or should be included in each toolchain to mitigate identified risks, as well as how the toolchain components are to be integrated with each other. (PO.3.1, NIST SP 800-218, Secure Software Development Framework: Recommendations for Mitigating the Risk of Software Vulnerabilities, Version 1.1)
  • Identify components or elements, allocate comprehensive functional components to include security functions, and describe the relationships between the elements. (T0480, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)