Configuration Management establishes and maintains consistent settings for systems throughout their lifecycle. It tracks hardware components, software versions, and configuration parameters. Configuration baselines define approved states, and monitoring detects unauthorized deviations. Without configuration management, organizations lose visibility into what’s deployed and how it’s configured.
Security configuration management ensures systems are hardened according to standards, vulnerable configurations are identified, and changes are controlled. Configuration management databases (CMDBs) maintain inventories that support vulnerability management, incident response, and compliance reporting.
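The baseline-and-monitoring idea described above can be shown as a small drift check. This is an added example, not part of the original entry; the baseline values, the sample host configuration, and the function names `parse_settings` and `detect_drift` are constructed for illustration and are not taken from any specific benchmark.

```python
"""Drift check: compare observed settings against an approved baseline."""

# Constructed baseline of approved values (hypothetical; the keys are SSH
# daemon options, the values are not quoted from any published benchmark).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}

# Constructed observed configuration, as it might be collected from a host.
OBSERVED_TEXT = """\
# managed file
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries   4
AllowTcpForwarding yes
"""


def parse_settings(text):
    """Parse 'Key Value' lines, skipping blank lines and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def detect_drift(baseline, observed):
    """Return sorted (kind, key, expected, actual) tuples, one per deviation."""
    findings = []
    for key, expected in baseline.items():
        if key not in observed:
            # Not set explicitly, so the approved state cannot be confirmed.
            findings.append(("missing", key, expected, None))
        elif observed[key] != expected:
            findings.append(("changed", key, expected, observed[key]))
    # Settings present on the host that the baseline never approved.
    for key in observed.keys() - baseline.keys():
        findings.append(("unapproved", key, None, observed[key]))
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    for kind, key, want, got in detect_drift(BASELINE, parse_settings(OBSERVED_TEXT)):
        print(f"{kind:10} {key}: expected={want!r} actual={got!r}")
```

Each finding would normally be reconciled against an approved change record before being treated as unauthorized drift.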
CISSP Relevance
Configuration management spans Domain 7 (Security Operations) and Domain 3 (Security Architecture). Understand baseline establishment, drift detection, security configuration guides (STIGs, CIS Benchmarks), and integration with change management. Know that misconfiguration is a leading cause of security incidents.
CIS publishes its configuration benchmarks as the CIS Benchmarks.
Related terms: Change Management, Vulnerability Assessment