NIST 800-171 R-3.4.4
Analyze Security Impact of Changes
Official citation: 3.4.4
Class: core · Severity: medium
Statement of the obligation — verify against source
3.4.4
What it means
Analyze the security impact of a change before you implement it. Qualified personnel (system administrators, security officers and engineers) assess how the change could affect controls — reviewing security plans and design documentation, and running risk assessments where needed to decide whether additional controls are required.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.