Configuration Management Plan Q2-2023

  • Configuration Management Plan includes Personnel, Responsibilities, Resources, Training Requirements, Administrative Meeting guidelines
  • The CMP also includes the following
    • Configuration Identification-Consists of setting and maintaining baselines, which define the system or subsystem architecture, and components before deployment.
    • Change Control- consists of configurations that are controlled, how changes are requested, approved and implemented
    • Configuration Status Accounting-Includes the process of recording and reporting configuration item (e.g., hardware, software, firmware, etc.) and How changes are tracked.
vvvChange control is a systematic approach to managing all changes made to a product or system.  The purpose is to ensure that no unnecessary changes are made, that all changes are documented, that services are not unnecessarily disrupted and that resources are used efficiently. Within information technology (IT), change control is a component of change management. 

Configuration Verification and Audit: An independent review of hardware and software for the purpose of assessing compliance with established requirement. e.g. The United States Government Configuration Baseline (USGCB)/Federal Desktop Core Configuration (FDCC) http://usgcb.nist.gov/usgcb_faq.html#usgcbfaq_usgcbfdcc

SP 800-70

http://csrc.nist.gov/publications/nistpubs/80070rev2/SP80070 rev2.pdf

National Vulnerability Database(NVD)

  • Using scanning tools that are FDCC or USGB compliant can help detect whether a system or application is implemented according to the USA government requirements. Example: Nessus, Saint etc…..
  • Remedy change management software can be used to track and request change
  • Sample CMP
error: Content is protected !!