BinaDox – Application Security: Blacklist vs Whitelist Approaches 3.4 3.4.9 Configuration Management
This article explains blacklisting and whitelisting approaches and discusses their strengths and weaknesses.
SEARCH RESULTS
Center for Internet Security – Benchmarks 3.13 3.13.2 3.4 3.4.2 Configuration Management System and Communications Protection
The CIS Benchmarks are prescriptive configuration recommendations for more than 25+ vendor product families. They represent the consensus-based effort of cybersecurity experts globally to help you protect your systems against threats more confidently.
Department of Homeland Security – Application Whitelisting (AWL): Strategic Planning Guide 3.4 3.4.8 Configuration Management
This document highlights and summarizes the types of choices, and the related decisions, that need to be made prior to starting the planning process.
DISA – Security Technical Information Guide (STIG) 3.4 3.4.6 Configuration Management
This site contains the Security Technical Implementation Guides and Security Requirements Guides for the Department of Defense (DOD) information technology systems as mandated by DODI 8500.01. This guidance bridges the gap between the National Institute of Standards and Technology Special Publication 800-53 and risk management framework (RMF).
DoD Instruction 8551.01 – Ports, Protocols, and Services Management (PPSM) 3.4 3.4.7 Configuration Management
DoD Instruction 8551.01 Ports, Protocols, and Services Management (PPSM) standardizes procedures to catalog, regulate, and control the use and management of protocols in the Internet protocol suite, and associated ports (also known as protocols, data services, and associated ports or ports, protocols, and services); also referred to as PPS on DoD information networks (DODIN) including the connected information systems, platform information technology (IT) systems, platform IT (PIT), and products based on the potential that unregulated PPSM can damage DoD operations and interests and applies to all PPS used throughout planned, newly developed, acquired, and existing DODIN (whether used internal or external to the enclave), which include DoD Information Technology (IT).
Forta – What Is SCM (Security Configuration Management)? 3.4 3.4.2 Configuration Management
This article details the basics of security configuration management, and considerations for effective security configuration management.
Fortra – CIS Control 02: Inventory and Control of Software Assets 3.4 3.4.8
This blog goes over Control 2 from version 8.1 of the top 18 CIS Controls – Inventory and Control of Software Assets. It discusses the seven safeguards and offers thoughts and information
Freshworks – ITIL Change Management Process 3.4 3.4.3 3.4.4 3.4.5 Configuration Management
This site provides various resources for the change management process based on ITIL. It also allows for a free ITSM trial.
Georgetown University – Restricted List of Ports, Protocols, and/or Services 3.4 3.4.7 Configuration Management
This link provides a list of ports, protocols, and/or services that Georgetown University blocks in support of their least functionality guideline.
Glarysoft – Monitoring Windows Security Settings Configuration in Windows 3.4 3.4.1 Configuration Management
15 actionable ways to monitor and manage security setting configurations in Windows.