1. [The] management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system (IS). [INFOSEC-99] 2. The control of changes–including the recording thereof–that are made to the hardware, software, firmware, and documentation throughout the system life cycle.3. The procedure by which a system is managed throughout its lifecycle to ensure that modifications to the design and implementation are made in a controlled manner and that the level of security originally achieved is maintained.See also: Configuration Control [CESG].