Configuration Management

Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system. The process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, whether objects, subjects, programs, communication pathways, or even the network itself. The use of procedures appropriate for controlling changes to a system’s hardware, software, or firmware structure to ensure that such changes will not lead to a weakness or fault in the system.