Understanding Configuration Management
Configuration management is the practice of ensuring that systems are configured with security in mind and that configuration is tightly controlled. Many organizations use configuration management to ensure that systems are configured with a secure baseline. For example, servers start with similar system configurations that make them more secure from the default configuration. Specific types of servers (such as web servers or application servers) can then deviate from this configuration based on individual needs.
FIPS Pub 200 was mentioned previously as a standard that requires minimum accounting requirements for federal agencies. It also lists minimum requirements for configuration control, as follows: ...
Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
