Mechanisms exist to implement a segregation of duties for configuration management that prevents developers from performing production configuration management duties.
Mechanisms exist to develop, document and maintain secure baseline configurations for technology platforms that are consistent with industry-accepted system hardening standards.
Mechanisms exist to review and update baseline configurations: â–ª At least annually; â–ª When required due to so; or â–ª As part of system component installations and upgrades.
Automated mechanisms exist to govern and report on baseline configurations of the systems.
Mechanisms exist to retain previous versions of baseline configuration to support roll back.
Mechanisms exist to manage baseline configurations for development and test environments separately from operational baseline configurations to minimize the risk of unintentional changes.
Mechanisms exist to configure systems utilized in high-risk areas with more restrictive baseline configurations.
Mechanisms exist to configure network devices to synchronize startup and running configuration files.
Mechanisms exist to document, assess risk and approve or deny deviations to standardized configurations.
Mechanisms exist to respond to unauthorized changes to configuration settings as security incidents.
Passcode