The idea behind configuration and change management is that all computer systems enter their life cycle with a baseline: secure configuration. By establishing a known-to-be-secure set of configuration procedures, the baseline, any computer system can start its life with a validated set of secure settings. From that point on, any change to the system configuration and setup will trigger change control procedures that track the changes.
To illustrate, a baseline configuration procedure dictates that a brand new computer system will have its host-based firewall enabled without any firewall exceptions applied. Then, depending on the applications that will run on this system, changes to the baseline configuration ...