Change management policies and procedures are used to control modifications to hardware, firmware, software, and documentation to ensure the ICS is protected against improper modifications prior to, during, and after commissioning. A formal change management program should be established and procedures followed to insure that all modifications to ICS components and the ICS network maintain the security requirements established in the ICS Cybersecurity Requirements Specification
. Changes to the ICS that could affect security, including configuration changes, the addition of network components, and installation of new application software should prompt an update of the ICS Cybersecurity Risk Assessment
There are a variety of commercial software tools available to assist in managing and enforcing these policies/procedures. aeSolutions can assist in the development and implementation of an ICS change management program and the deployment of software tools to assist organizations in meeting the change management requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP.