NIST 800-171 R-3.4.5
Restrict Access for Changes
Official citation: 3.4.5
Class: core · Severity: medium
Statement of the obligation — verify against source
3.4.5
What it means
Define, document, approve, and enforce who may make changes to your systems, since any hardware, software, or firmware change can affect security. Permit only qualified, authorized individuals to initiate changes (including to software libraries), using controls such as physical and logical access restrictions, workflow automation, and defined change windows.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.