Bae systems is a premier global defense and security company with approximately 90,000 employees delivering a full range of products and. Secure configuration for hardware and software on mobile. Configuration management is the process of identifying, controlling, accounting for and auditing changes made to a preestablished baseline. Configuration management process, roles, and responsibilities.
It is abbreviated as the scm process in software engineering. It emphasizes the importance of configuration control in managing software production. Through the control of changes the configuration process manages the security features and assurances throughout the life cycle of an information. For instance, sem can be utilized as a cyber threat intelligence framework to help it teams identify security threats and make informed decisions about potential security issues. Configuration management is defined by isc2 as a process of identifying and documenting hardware components and software and the associated settings. This column contains a running commentary on how aegis achieves many of the desirable security goals david outlines. Software configuration management encompasses the disciplines and techniques of initiating, evaluating, and controlling change to software products during and after the development process. Configuration management concepts and principles described in nist sp 800128, provide supporting information for nist sp 80053, recommended security controls for federal information. The primary audience for the configuration management procedure includes all epa personnel in roles that are directly responsible for the configuration, management, o versight, and successful day to day. Software configuration management in software engineering.
Cisco sce8000 10gbe software configuration guide, release. The list of the most popular software configuration management tools top scm tools in 2020 in software engineering software configuration management is the task of tracking and controlling changes in the software part of the larger disciplinary field of configuration management. Ccm is a continuous process of controlling and approving changes to information or technology assets or related. Ccm is a continuous process of controlling and approving changes to information or technology. Configuration management cm is a systems engineering process for. The goal of scm is to improve the speed of and quality by catching. The primary audience for the configuration management procedure includes all epa personnel in roles that are directly responsible for the configuration, management, o versight, and successful day to day operations of epa enterprise hardware, software and applicable documentation. Left unchecked, these continuous software changes lead to a degradation in performance and quality. The left column is david wheelers essay about software configuration management and security.
Vendors include perforce, concurrent versions system cvs, microsoft visual source safe vss, ibm rational, and others. Without a security configuration management plan, the task of. This matrix presents indicators that detect operating systems, browsers, unsupported, and other software installations on systems within a network. Software configuration management scm is a set of processes, policies, and tools that organize the development process. Securityfocused configuration management helps enable appropriate levels of security to be maintained for a system and the management of security risks.
This is the configuration management plan, document number xyz004, for the system z project. Scm tools often control who can read and modify the source code of a program, keep history information so that people can find out what changed between versions, and who changed them, and generally help developers work together to improve a program under development. Jan 05, 2017 configuration is the manner in which components are arranged to make up the computer system. Configuration management cm is the detailed recording and updating of information that describes an enterprises computer systems and networks, including all hardware and software components. Planning configuration management planning defines how configuration management will be implemented in a company or organization. Software configuration management tools and principles. Security teams can use the information provided to effectively manage current inventory assets, and monitor the network for unauthorized devices. A configuration management plan cmp is an essential document that provides a structured method of documenting the configuration management process for a gss or ma. Configuration management concepts and principles described in nist sp 800128, provide supporting information for nist sp 80053, recommended security controls for federal information systems and organizations. Planning configuration management planning defines how configuration management will be. In addition to operating as network firewall security management software, solarwinds security event manager can be used many other ways. Software configuration management scm a practical guide.
Special configuration management software is available, such as bmc software s atrium and hewlett packard enterprises universal configuration management database. Managing change control cissp security management and. In the context of information assurance, configuration management is the management of security features and assurances through the control of changes made to. Software configuration management is also known as software control management. Configuration management a a key layer of cybersecurity.
Belarcs products automatically create an accurate and uptodate central repository cmdb, consisting of detailed software, hardware, network and security configurations. The goal is to move beyond the original design to a hardened, operationally sound configuration. Its purpose is to ensure consistency in performance. Using that information, it security personnel can track and correct all authorized devices and software. Sep 12, 2019 configuration management is an increasingly important foundation for a successful tech platform.
Software configuration management scm security aegis. However, because of the changing nature of technology and the continual appearance of new security threats, effective software update management requires consistent and continual attention. Jul 01, 2014 software configuration management scm is a software engineering discipline consisting of standard processes and techniques often used by organizations to manage the changes introduced to its software products. What configuration management is and where it originated from. Security and privacy for content management in configuration manager. This foundational control blends key practices such as vulnerability. Aug 16, 2011 security focused configuration management helps enable appropriate levels of security to be maintained for a system and the management of security risks. Configuration management cm is a systems engineering process for establishing and maintaining consistency of a products performance, functional, and physical attributes with its requirements. In software engineering, software configuration management scm or sw cm is the task of tracking and controlling changes in the software, part of the larger crossdisciplinary field of configuration. Your security configuration management plan in action. Enterprise manager configuration management is a comprehensive solution that helps database, system and application.
Cisco sce8000 10gbe software configuration guide, release 3. Configuration management is a critical component in daytoday operations. The purpose of special publication 800128, guide for securityfocused configuration management of information systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and associated environments of operation. Guide for securityfocused configuration management of.
Problem is, the people who develop scm tools often dont think about what kind of security requirements they need to support. The ssg is prepared to respond to an event or alert, and is regularly included in the. Scm is important in it because new software elements are constantly being added and updated across an enterprise. Introduction to software updates configuration manager. Software development is often supported by specialized programs called software configuration management scm tools. Software configuration management is a process to systematically manage, organize, and control the changes in the documents, codes, and other entities during the software development life cycle. This column contains a running commentary on how aegis achieves many of the desirable security goals.
Configuration management a a key layer of cybersecurity defense. The configuration management plan provides details of how the system z team will manage the control of configuration items being developed under each phase. Top 10 configuration management tools you need to know about. Understand how to define scm and discuss how to accomplish it. Once enterprises have discovered all their assets, they can move on to security configuration management scm. Software configuration management scm is a software engineering discipline consisting of standard processes and techniques often used by organizations to manage the changes introduced. Configuration manager current branch this article contains security and privacy information for content management in configuration manager.
Configuration consists of both hardware and software components. It defines the policies and procedures for configuration management cm and the infrastructure. Software development is often supported by specialized programs called software configuration management scm tools, aka version control tools. Why security configuration management scm matters tripwire. Aug 19, 2016 configuration management, or software configuration management, is the tracking and controlling of software changes in a system. One of the key security aspects of revision control and configuration management is the capability to track changes. Configuration is the manner in which components are arranged to make up the computer system. Establish a minimum baseline configuration for information systems or components with elevated security controls when a device is used to access information systems in locations that the agency deems to be of significant risk. Configuration management is an increasingly important foundation for a successful tech platform. A configuration management process and its supporting repository, cmdb or cms, face the challenge of overlapping and contradicting data from sources across the enterprise. The national institute of standards and technology defines security configuration management as the management and control of configurations for an information system with the goal of enabling security and managing risk.
Through the control of changes the configuration process manages the security features and assurances throughout the life cycle of an information system to hardware, software, firmware, documentation, test, test fixtures, and test documentation. Configuration management, or software configuration management, is the tracking and controlling of software changes in a system. Good leaders in the tech space will want to know what it takes to implement it. For instance, sem can be utilized as a cyber threat intelligence. Sometimes, people specifically point to hardware arrangement as hardware configuration and to software components as software configuration. Content management security and privacy configuration. Nist offers tips on security configuration management gcn. Top 8 configuration management tools for every it administrator. Nist sp 800128 assumes that information security is an integral part of an organizations overall configuration management. For information assurance, cm can be defined as the management of security features and assurances through control of changes made to hardware, software.
Changes, updates and patches in it hardware and software almost always results in some adjustment to the system configuration. If problems occur, administrators can examine the system in the context of the software and other installed components to see what might have caused the problem. Understanding cis control 5 center for internet security. The information in the configuration management database cmdb is used for five major activities. Network firewall security management software solarwinds. The ssg is prepared to respond to an event or alert, and is regularly included in the incident response process, either by creating its own incident response capability or by regularly interfacing with the organizations. Configuration management cm is a systems engineering process for establishing and maintaining consistency of a products performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. If problems occur, administrators can examine the system in the context of the. This document provides a practical guide for integrating software configuration management disciplines into the management of software engineering projects. Establish, implement, and actively manage track, report on, correct the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change. For an example scenario that shows how you might deploy software updates in your environment, see example scenario to deploy security software updates. Sep 05, 2018 your security configuration management plan in action.
Configuration management ensures that the software and devices running on the network are current, trusted and secure. Documenting information system changes and assessing the potential impact on the security of the system on an ongoing basis is an essential aspect of maintaining the security accreditation. Its purpose is to ensure consistency in performance, functionality, and design. States and the world by storm and software configuration management is getting. Scm tools often control can read and modify the source code of a program, keep history information so that people can find out what changed between versions, and who changed them, and generally help developers work together to improve a program under development. What is configuration management and how does it work. Software configuration management an overview sciencedirect. Oct 26, 2018 security and privacy for content management in configuration manager. Software configuration management sei digital library. The scm practices include vision controls in the establishment. Over time, it systems invariably move towards a state of disorder. Jan 25, 2018 software configuration management scm is a set of processes, policies, and tools that organize the development process. The goal of scm is to improve the speed of and quality by catching errors early and enabling quick fixes when they occur. Without a security configuration management plan, the task of maintaining secure configurations even on a single server is daunting.
This foundational control blends key practices such as vulnerability assessment, automated remediation and configuration assessment. Establish, implement, and actively manage track, report on, correct the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. Planning includes defining the scope and the objectives of configuration management. Bae systems hiring software configuration management in. What is configuration management and why is it important. Establish a minimum baseline configuration for information systems or components with elevated security controls when a device is used to access information systems in locations that the agency. In software engineering, software configuration management scm or sw cm is the task of tracking and controlling changes in the software, part of the larger crossdisciplinary field of configuration management. A configuration management process for each general support system gss and major application ma will effectively manage and track system changes. Scm helps in identifying individual elements and configurations, tracking changes, and version selection, control, and baselining.
428 1185 965 1338 705 855 446 687 180 1319 1208 987 563 1282 675 1165 252 63 498 904 1117 955 364 919 591 956 621 1051 485 158 993 1329 484 1088