Configuration management CM is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. Outside the military, the CM process is also used with IT service management as defined by ITIL , and with other domain models in the civil engineering and other industrial engineering segments such as roads, bridges, canals , dams, and buildings. CM applied over the life cycle of a system provides visibility and control of its performance, functional, and physical attributes. CM verifies that a system performs as intended, and is identified and documented in sufficient detail to support its projected life cycle. The CM process facilitates orderly management of system information and system changes for such beneficial purposes as to revise capability; improve performance, reliability, or maintainability; extend life; reduce cost; reduce risk and liability; or correct defects. The relatively minimal cost of implementing CM is returned many fold in cost avoidance.
|Published (Last):||18 September 2010|
|PDF File Size:||18.65 Mb|
|ePub File Size:||5.48 Mb|
|Price:||Free* [*Free Regsitration Required]|
Over the next two decades, this series of standards would be consolidated into a single, all-encompassing standard known as MIL-STD, which was itself ultimately replaced by MIL-HDBK—the first iteration of the current military handbook. Over the years, this holistic approach to configuration management has been expanded upon by a number of different organizations to provide technical guidance in the practice of configuration management at an industry-specific level.
More clearly defined as the practice of handling changes systematically, configuration management ensures that a given system maintains its integrity over time. At its inception, a configuration management program must be driven by a documented plan of action.
This formal document should provide direction for everything from personnel needs and responsibilities to naming conventions; even things like baseline measurements and audit and review processes should be covered. The purpose of configuration management is to ensure system integrity over time, so the more detail that is put into this phase the more resistant to unplanned change the process is.
The Configuration Identification discipline is responsible for defining the baseline configuration of the system at any point in time. It is from this practice that changes to the system can be identified and documented throughout its lifecycle. When a change request is received, the Configuration Control discipline evaluates and responds to the provided proposals with a subsequent approval or disapproval.
After a change has been approved, the Configuration Status discipline is responsible for documenting the incremental changes from the original baseline. This process is crucial towards the safe rollback of any changes when problems arise. Before a configuration baseline can be updated, any applied configurations must be verified and audited independently to ensure that the change complies with the functional and physical characteristics of the system prior to its application.
Once approved, a new baseline is established and the process can begin again. In a standard IT environment, the practice of configuration management is often represented by a software-based approach towards ensuring that the configuration of each device on the network is consistent, reliable, and maintainable.
A sub-discipline of configuration management, Software Configuration Management SCM is a process that aims to track and control system changes in a software-level environment. In some instances, SCM is used to manage the integrity and traceability of a product throughout the software development lifecycle. However, in a typical IT environment, SCM is more-often associated with maintaining the configuration of operating systems and the software that runs on them.
While the five disciplines outlined above can be found in one form or another, much of the manual work that drives the process is now managed by automated configuration management systems that can apply, remove, or reset configuration changes across an entire network in a fraction of the time it would take to do by hand. These automated configuration management systems are often driven by a process called Infrastructure-as-Code IaC.
IaC is the practice of managing network devices through the use of machine-readable definition files, often in a proprietary programming language, rather than through manual or interactive configuration tools. While not every software configuration management tool is managed through Infrastructure-as-Code, it is becoming a favorite amongst administrators of large networks for its flexibility, speed, and risk mitigation.
By treating configuration management as a software-development discipline, individual changes to any device can be tracked at the source-code level, allowing for much more fine-grained auditing and analysis of changes as they flow through the system. For example, when an IaC definition file is changed, that change can be tracked in a version control system to help identify when a given change happens, and who is responsible for it. To take it even further, source code is inherently testable, which means that changes can be audited programmatically prior to their release, allowing for a more fault-tolerant and defect-resistant system.
As enterprise networks have started to move to the cloud, the way in which companies manage the configuration of their endpoints has changed. Moving away from bare-metal resources means more virtualization, which in turn means more endpoints at a lower cost. While a practice like IaC can help streamline the configuration management process, it is also a core component in the DevOps toolchain.
By allowing for source-code-driven configuration management, stakeholders can become more involved in endpoint management much earlier in the process, allowing for a more iterative approach to managing device configurations. In the next article of this series, we will take a deep dive into some of the open source tools systems administrators and DevOps engineers alike rely on to automate their configuration management.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
Subscribe to receive Automox vulnerability alerts. Make all of your corporate infrastructure more resilient by automating the basics of cyber hygiene. How it Works Features Features Overview. Remediate your vulnerabilities 30X faster than industry norms with half the effort of traditional solutions.
Request demo. Single lightweight Agent. Automated Policy Enforcement. Endpoint Visibility. Configuration Management. Multi-OS Support. Software Deployment. Automox Worklets. Role-Based Access Control.
Rich API. How can you avert cyber attacks faster with less effort? Use cases Overview. See why Automox is the industry's only solution that provides all the fundamentals of modern cyber hygiene. Be a Smaller Target. Count on Security. Optimize your TCO. Customize policies with Worklets. Manage Remote Workforces.
Know what to ask when choosing your next patch management solution. Learn Overview. Patch Tuesday Central. Knowledge Base. Solution Briefs. Case Studies. Learn how you can secure your remote users without on-prem servers or VPNs.
Community Log In. Get Started Try it yourself Start free trial. Talk to us Contact an expert. See it in action Schedule a demo. Cyber Hygiene Configuration. Zachary Flower January 14, Share this post:. Start a Free Trial.
View Pricing. Take 15 days to raise your security confidence!
MIL-STD-973 Configuration Management (includes Change Notice 1,2 & 3)
MIL-STD-973, MILITARY STANDARD: CONFIGURATION MANAGEMENT (17 APR 1992) [S/S BY EIA-649]