Sprinto – Vulnerability to Vigilance: The importance of Security Configuration Management
3.4 3.4.2 Configuration Management
https://sprinto.com/blog/security-configuration-management/
This article describes how security configuration management works, the benefits of security configuration management, and how to choose a security configuration management tool.
https://hr.berkeley.edu/sites/default/files/change_management_toolkit.pdf
This document provides tips, tools, and techniques for leading a successful change initiative.
https://security.berkeley.edu/secure-device-configuration-guideline
This is UC Berkeley's secure device configuration guideline, written in adherence to their security policy mandate. It is an example of how to assess a secure configuration.
https://www.cisa.gov/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-RM.pdf
This guide was created to assist individuals responsible for managing risk management programs for IT operations, including executives who establish policies and priorities for risk management, managers and planners who are responsible for converting executive decisions into action plans, and operations staff who implement those operational risk management plans.
Wright Brained – CMMC Practice 3.4.7 – Ports, Protocols, Programs Functions, and Services
3.4 3.4.7 Configuration Management
https://wrightbrainedsecurity.com/cmmc-practice-3-4-7-ports-protocols-programs-functions-and-services/
Most companies don’t struggle with implementing this practice—they struggle with the documentation. When it’s time to show evidence, things can get messy. You need to define exactly what’s “essential” and “nonessential” and provide proof that you’ve applied these definitions consistently across your systems.
https://www.youtube.com/watch?v=PlKsAZrwcD8
This is a video from Simplilearn that covers the ITIL Change Management process.
YouTube – CMMC 2.0 Control CM L2-3.4.5 – Define, document, approve, and enforce physical and logical access
3.4 3.4.3 3.4.4 3.4.5 Configuration Management
https://www.youtube.com/watch?v=a0_CLki_X5g
This video explains CMMC Control CM.L2‑3.4.5, which requires organizations to define, document, approve, and enforce physical and logical access restrictions related to changes in organizational systems.
https://www.youtube.com/watch?v=QNRjjkzvWK0
This is a video from CIS that covers secure configurations for hardware and software.