Any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.

Source: CNSSI 4009-2015 | Category: