What is one of the steps in Configuration Change Management under CIP-010 R1?

One step in Configuration Change Management under CIP-010 R1 involves the authorization of changes that may deviate from the established baseline configuration. This is key to maintaining the integrity, security, and compliance of critical infrastructure systems. The process is designed to ensure that any modifications to the system’s configuration are documented, assessed, and formally approved before implementation.

By requiring authorization for deviations from the baseline, organizations can better manage risk. This step is crucial because it ensures that changes are not made haphazardly or without appropriate oversight, which could lead to vulnerabilities or configuration errors in the system. Establishing a formal approval process also helps track changes, thereby creating an auditable trail which is essential for compliance and regulatory audits.

In contrast, options suggesting the release of software updates without documentation or the immediate installation of updates without testing would undermine the principles of change management and could potentially introduce risks. Furthermore, while notifying users of changes is important for communication, it is not a formal step in the change management process of authorization and documentation as outlined in CIP-010 R1.