Back

Archive release records related to the newly implemented system.


CONTROL ID
06834
CONTROL TYPE
Records Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Initiate the System Development Life Cycle implementation phase., CC ID: 06268

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Archive all release data. (§ 6.3, Microsoft Simplified Implementation of the Security Development Lifecycle (SDL), 1.0)
  • The installation process should cover required Housekeeping activities, which include archiving previous versions of software, together with corresponding information (including configuration settings, operations procedures, and supporting software). (CF.18.07.04d, The Standard of Good Practice for Information Security)
  • The installation process should cover required Housekeeping activities, which include archiving previous versions of software, together with corresponding information (including configuration settings, operations procedures, and supporting software). (CF.18.07.04d, The Standard of Good Practice for Information Security, 2013)
  • The organization shall document the approval of residual risk and the configuration information in the medical Information Technology network Risk Management file. (§ 4.5.3 ¶ 4, Application of risk management for IT-networks incorporating medical devices Part 1: Roles, responsibilities and activities, Edition 1.0 2010-10)
  • Archive and Protect Each Software Release (PS.3): Preserve software releases in order to help identify, analyze, and eliminate vulnerabilities discovered in the software after release. (PS.3, NIST SP 800-218, Secure Software Development Framework: Recommendations for Mitigating the Risk of Software Vulnerabilities, Version 1.1)
  • The organization requires the developer of the information system or system component to archive the system or component to be released or delivered together with the corresponding evidence supporting the final security review. (SA-15(11), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization requires the developer of the information system or system component to archive the system or component to be released or delivered together with the corresponding evidence supporting the final security review. (SA-15(11) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Require the developer of the system or system component to archive the system or component to be released or delivered together with the corresponding evidence supporting the final security and privacy review. (SA-15(11) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Require the developer of the system or system component to archive the system or component to be released or delivered together with the corresponding evidence supporting the final security and privacy review. (SA-15(11) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)