Guide for Security Configuration Management of Information Systems

    Guide for Security Configuration Management of Information Systems

    Your network and client systems are always in a state of flux, so you need a baseline to ensure these systems communicate in a secure manner. This research note will help you establish a security baseline for your network.

    An information system is composed of many components that can be interconnected in a
    multitude of arrangements to meet a variety of business, mission and information
    security needs. How these information system components are networked, configured and
    managed is critical in providing adequate information security and supporting an
    organization’s risk management process.

    An information system is typically in a constant state of change in response to new
    or enhanced hardware and software capability, patches for correcting errors to existing
    components, new security threats and changing business functions. Implementing
    information system changes almost always results in some adjustment to the system
    baseline configuration. To ensure that the required adjustments to the system
    configuration do not adversely affect the information system security, a well-defined
    security configuration management process is needed.

    This security configuration management publication is intended to provide guidelines
    for organizations responsible for managing and administrating the security of federal
    information system computing environments. For organizations responsible for the
    security of information processed, stored and transmitted by external or
    service-oriented computing environments (e.g., cloud computing environment providers),
    the security configuration management concepts and principles presented here can aid
    organizations in establishing assurance requirements for suppliers providing external
    computing services.

    The attached Zip file includes:

    • Intro Page.doc
    • Cover Sheet and Terms.doc
    • Guide for Security Configuration Management of Information Systems.pdf

    Latest Articles