cc8-1 High priority Security / Change Management

Changes to infrastructure and software are authorized and managed

Uncontrolled changes to production systems are one of the most common causes of security incidents and outages. A developer accidentally deploys a misconfiguration; a dependency update introduces a vulnerability; an emergency hotfix bypasses review and creates a backdoor. This criterion requires a formal change management process: all changes are reviewed, approved, and tested before reaching production.

Complete first: cc5-2

Implementation steps

  1. Require code review before merging to production

    Enforce branch protection on your main branch: no direct pushes, all changes require at least one approving review from a team member other than the author. Required checks (CI tests, linting, security scans) must pass before merge. This applies to application code, infrastructure-as-code, and configuration changes.

    Tools: github, gitlab, bitbucket

  2. Test changes before deploying to production

    Changes should pass an automated test suite before reaching production. Maintain a staging or pre-production environment that mirrors production. Deploy to staging first and verify behavior before promoting to production. For significant changes, define a rollback plan before deploying.

    Tools: github-actions, gitlab-ci, jenkins, vercel, aws-codepipeline

  3. Document emergency change procedures

    Define a process for emergency changes that must bypass normal review (e.g., active incident remediation). Emergency changes should still require approval from an authorized approver, even if abbreviated. All emergency changes should be reviewed after the fact and documented. Limit who can invoke the emergency change process.

    Tools: jira, linear, pagerduty, confluence
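The branch protection requirements in step 1 can be checked mechanically, which is also how the review evidence listed below is usually collected. The following is an added example, not code from the original page or from any vendor: it evaluates a branch protection object shaped like GitHub's REST "get branch protection" response against the step 1 bar (at least one approving review, required checks present and up to date, no admin bypass, no force pushes). The sample objects are constructed, not captured from a real repository.

```python
from __future__ import annotations

from typing import Any


def evaluate_branch_protection(protection: dict[str, Any],
                               required_checks: tuple[str, ...] = ()) -> list[str]:
    """Return CC8.1 findings for one branch; an empty list means it meets the bar."""
    findings: list[str] = []

    # Reviews: merges must go through a PR with at least one approving review.
    reviews = protection.get("required_pull_request_reviews") or {}
    if not reviews:
        findings.append("no pull request review required before merge")
    elif reviews.get("required_approving_review_count", 0) < 1:
        findings.append("approving review count is below 1")

    # Status checks: the CI/lint/security contexts must be required and must be
    # evaluated against an up-to-date branch ("strict").
    checks = protection.get("required_status_checks") or {}
    if not checks:
        findings.append("no required status checks configured")
    else:
        contexts = set(checks.get("contexts", []))
        missing = [c for c in required_checks if c not in contexts]
        if missing:
            findings.append("required checks missing: " + ", ".join(missing))
        if not checks.get("strict", False):
            findings.append("branch is not required to be up to date before merge")

    # Bypass paths: admins skipping the rules or force-pushing defeats the review gate.
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        findings.append("administrators can bypass the protection rules")
    if (protection.get("allow_force_pushes") or {}).get("enabled", False):
        findings.append("force pushes are allowed")
    return findings


# Constructed sample: review rule exists but requires zero approvals, checks are
# not strict, admins are exempt and force pushes are on.
WEAK_PROTECTION = {
    "required_status_checks": {"strict": False, "contexts": ["ci/test"]},
    "enforce_admins": {"enabled": False},
    "required_pull_request_reviews": {"required_approving_review_count": 0},
    "allow_force_pushes": {"enabled": True},
}

# Constructed sample that satisfies every step 1 requirement.
STRONG_PROTECTION = {
    "required_status_checks": {"strict": True, "contexts": ["ci/test", "ci/lint", "security/scan"]},
    "enforce_admins": {"enabled": True},
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "allow_force_pushes": {"enabled": False},
}
```

Run it over the protection object fetched for each production branch and keep the output with the evidence; a non-empty list is a finding to remediate before the audit window.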

Evidence required

Branch protection and code review configuration

Evidence that changes require review before reaching production.

  - GitHub branch protection rules requiring PR approval
  - GitLab merge request approval settings
  - Code review records showing approved pull requests

CI/CD pipeline configuration

Evidence that automated testing and deployment controls are in place.

  - CI pipeline configuration with test and security scan steps
  - Deployment pipeline requiring staging promotion before production
  - Change management policy with approval requirements

Related controls