Configuration Management Standard
Number:
SEC-04-03-S was 141.10 (5.1.1, 5.6.2)
Purpose
A baseline configuration of IT systems enables agencies to make sound business, technical, and legal decisions. Ensuring all information systems start and continue to use industry proven tactics by only supporting essential capabilities reduces the attack surface and downstream maintenance expenses. This standard requires documentation of configuration baselines and changes.