Which item is listed as part of change management to support a secure development lifecycle?

Change management in a secure development lifecycle focuses on governing changes to software and the environments where it’s built, tested, and released. Environmental control over application development covers establishing secure, well-governed development environments—restricted access, separate development, testing, and production zones, baseline configurations, verified builds, and a controlled deployment pipeline with audit trails. This setup ensures every change is reviewed, tested for security impact, approved, and traceable, reducing the risk that insecure or unapproved modifications reach production. The other options don’t address how changes to software and its development environment are managed: travel policy concerns employee movements, social media usage guidelines govern external communications, and lease terms relate to physical space assets.