Secure Configurations and Change Management

This section address the practice of establishing a recognized standardized and established benchmark that stipulates specific secure configuration settings for a given information technology platform. Once these benchmarks are implemented, your organization will want to establish configuration change controls that involve the systematic proposal, justification, implementation, testing, review, and disposition of changes to the systems, including system upgrades and modifications.