All
All

Guide for Security Configuration Management of Information Systems

229 KB | 3 files |  PDF, DOC

Your network and client systems are always in a state of flux, so you need a baseline to ensure these systems communicate in a secure manner. This research note will help you establish a security baseline for your network.

An information system is composed of many components that can be interconnected in a multitude of arrangements to meet a variety of business, mission and information security needs. How these information system components are networked, configured and managed is critical in providing adequate information security and supporting an organization's risk management process.

An information system is typically in a constant state of change in response to new or enhanced hardware and software capability, patches for correcting errors to existing components, new security threats and changing business functions. Implementing information system changes almost always results in some adjustment to the system baseline configuration. To ensure that the required adjustments to the system configuration do not adversely affect the information system security, a well-defined security configuration management process is needed.

This security configuration management publication is intended to provide guidelines for organizations responsible for managing and administrating the security of federal information system computing environments. For organizations responsible for the security of information processed, stored and transmitted by external or service-oriented computing environments (e.g., cloud computing environment providers), the security configuration management concepts and principles presented here can aid organizations in establishing assurance requirements for suppliers providing external computing services.

The attached Zip file includes:

  • Intro Page.doc
  • Cover Sheet and Terms.doc
  • Guide for Security Configuration Management of Information Systems.pdf
IT Downloads help you save time and money while executing essential IT management tasks. Download this useful resource now and put it to work for your business.

This Download is provided by:

Partner logo

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

All IT Downloads from National Institute of Standards and Technology» | Visit National Institute of Standards and Technology »

Related IT Downloads

Money3 PCI Compliance: The Definitive Guide

In this excerpt from chapter 20, the author briefly discusses the challenges and success factors that the organization must be aware of to maintain compliance and achieve optimum information security for the enterprise. ...  More >>

Approximate Matching: Definition and Terminology

Approximate matching is a promising technology designed to identify similarities between two digital artifacts. This can be very useful for filtering data for security monitoring and digital forensics. ...  More >>

Security3TN Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

Transport Layer Security (TLS) provides mechanisms to protect sensitive data during electronic dissemination across networks. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data