NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION
SA-8(31) — Secure System Modification
Implement the security design principle of secure system modification in {{ insert: param, sa-08.31_odp }}.
Supplemental Guidance
The principle of secure system modification states that system modification maintains system security with respect to the security requirements and risk tolerance of stakeholders. Upgrades or modifications to systems can transform secure systems into systems that are not secure. The procedures for system modification ensure that if the system is to maintain its trustworthiness, the same rigor that was applied to its initial development is applied to any system changes. Because modifications can affect the ability of the system to maintain its secure state, a careful security analysis of the modification is needed prior to its implementation and deployment. This principle parallels the principle of secure evolvability.
Practitioner Notes
Secure system modification means that any change to a system preserves or improves its security properties. Changes should not weaken security, and the modification process itself should be controlled.
Example 1: Require a security review for every system change through your change management process. Before implementing a change, evaluate its security impact: does it open new ports, add new users, change permissions, or introduce new software? If yes, the security team must approve the change.
Example 2: After implementing changes, verify that security controls still function correctly. Run a configuration compliance scan (SCAP, STIG Viewer) after major changes to confirm that the system still meets its security baseline. If the change caused a compliance deviation, remediate it before closing the change ticket.
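The two notes above amount to a pre-change impact gate and a post-change compliance gate. The following Python is an added illustration, not NIST text: the snapshot schema, the rule ids and the before/after states are all constructed here, and collecting real snapshots is assumed to be done by separate inventory tooling.

```python
# Added example (not NIST text): gate a change on its security impact (Example 1)
# and on a clean post-change compliance scan (Example 2). Snapshots and scan
# results are constructed inline; real ones would come from your inventory tooling.
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """System state captured before and after a change (hypothetical schema)."""
    listening_ports: frozenset
    users: frozenset
    packages: frozenset
    world_writable: frozenset  # paths whose mode gained o+w


def security_impact(before: Snapshot, after: Snapshot) -> list:
    """Findings that make a change security-relevant per Example 1:
    new ports, new accounts, new software, loosened permissions."""
    findings = []
    findings += [f"new listening port {p}" for p in sorted(after.listening_ports - before.listening_ports)]
    findings += [f"new user account {u}" for u in sorted(after.users - before.users)]
    findings += [f"new software package {s}" for s in sorted(after.packages - before.packages)]
    findings += [f"loosened permission: {f} is now world-writable"
                 for f in sorted(after.world_writable - before.world_writable)]
    return findings


def requires_security_approval(before: Snapshot, after: Snapshot) -> bool:
    """Example 1 rule: any security-relevant finding needs security-team sign-off."""
    return bool(security_impact(before, after))


def compliance_deviations(scan_results: dict) -> list:
    """Rules that failed the post-change compliance scan (Example 2).
    scan_results maps rule id -> 'pass' | 'fail' | 'notapplicable'."""
    return sorted(r for r, v in scan_results.items() if v == "fail")


def can_close_ticket(before: Snapshot, after: Snapshot, approved: bool, scan_results: dict) -> bool:
    """Close the change ticket only if approval (when required) exists and the scan is clean."""
    if requires_security_approval(before, after) and not approved:
        return False
    return not compliance_deviations(scan_results)


# Constructed sample: a deployment that added a service, an account and a
# world-writable config file; the scan rule ids are made up for this example.
BEFORE = Snapshot(frozenset({22, 443}), frozenset({"root", "app"}), frozenset({"nginx"}), frozenset())
AFTER = Snapshot(frozenset({22, 443, 8080}), frozenset({"root", "app", "deploy"}),
                 frozenset({"nginx", "redis"}), frozenset({"/etc/app/config.yml"}))
SCAN = {"sshd_disable_root_login": "pass", "no_world_writable_files": "fail"}

if __name__ == "__main__":
    for finding in security_impact(BEFORE, AFTER):
        print("REVIEW:", finding)
    print("ticket may close:", can_close_ticket(BEFORE, AFTER, True, SCAN))
```

In the sample, the change is approved but the scan still fails, so the ticket stays open until the world-writable file is remediated and the scan is re-run.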