Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation];
Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management];
Implement only organization-approved changes to the system, component, or service;
Document approved changes to the system, component, or service and the potential security impacts of such changes; and
Track security flaws and flaw resolution within the system, component, or service and report findings to [Assignment: organization-defined personnel].