Configuration Management
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- What configuration management is, and what it is not
- Baselines, benchmarks, provisioning, and drift
- Exam-pattern recognition
Configuration management vs change management vs control-baseline selection
| Dimension | Configuration management (CM) | Change management | Control-baseline selection |
|---|---|---|---|
| Core question | What state is the system in, and does it match the approved baseline? | Is this proposed modification approved to proceed? | Which security controls apply to this system? |
| Authoritative source | NIST SP 800-128; SP 800-53 CM family | NIST SP 800-128 (Controlling Changes phase); CCB process | NIST SP 800-53B; FIPS 199/200 |
| Meaning of 'baseline' | Approved secure configuration of a system/CI (CM-2) | The state a change moves the system from and to | Low/moderate/high control set per impact level |
| Primary artifact | Secure baseline + configuration-item inventory | Change request, impact analysis, CCB approval, back-out plan | Tailored control list |
| Failure it prevents | Configuration drift and unknown, unhardened state | Unauthorized or unanalyzed changes reaching production | Under- or over-protecting a system relative to its impact |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems Whitepaper
- NIST glossary: baseline configuration Whitepaper
- NIST SP 800-53B, Control Baselines for Information Systems and Organizations Whitepaper
- NIST SP 800-53 Rev. 5 control CM-8, System Component Inventory Whitepaper
- NIST National Checklist Program (NCP), per SP 800-70 Whitepaper
- CIS Benchmarks
- NIST SP 800-53 Rev. 5 control CM-7, Least Functionality Whitepaper