Configuration Control

Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modification prior to, during, and after system implementation.
SOURCE: CNSSI-4009; SP 800-37; SP 800-53