Hi Howard,
can you please be a little more specific about what you want to see in a checklist for a physical configuration audit (PCA) and a functional configuration audit (FCA)? You probably want to consult with references for the MIL standards. Is this for software, hardware or both?
here is a reference which you may already know about for the PCA
https://dap.dau.mil/acquipedia/Pages/ArticleDetails.aspx?aid=f4fb1598-4f...
and here is a reference for the FCA
https://dap.dau.mil/acquipedia/Pages/ArticleDetails.aspx?aid=555d837d-06...
In general, the physical configuration audit ensures that you have the right configuration items (CI) in place. There are many ways to do this including embedding a immutable version or using cryptography.
The functional configuration audit ensures that the CIs are doing the right thing. To implement this, I would need to know a little more about the technologies involved.
Have you looked at the IEEE 828 standard? (sevocab is also a great reference - let me know if you need the link...)
Bob Aiello, technical editor CM Crossroads
