This objective requires your organization to define and document processes for managing configuration changes to systems that store, process, or transmit Controlled Unclassified Information (CUI). These processes must govern how changes are requested, reviewed, approved, and implemented.