NIST defines secure configuration as the practice of establishing a recognized standardized and established benchmark that stipulates specific settings for a given information technology platform. (Source) NIST further states that once these benchmarks are implemented, your organization will want to establish configuration change controls that involve the systematic proposal, justification, implementation, testing, review, and disposition of changes to the systems, including system upgrades and modifications. (Source)