Configuration Management

Configuration management is the discipline of establishing and maintaining consistent settings, configurations, and baselines across your systems throughout their lifecycle. It involves documenting your approved configurations, controlling changes through a formal process, and monitoring for unauthorized deviations.

For cybersecurity, configuration management ensures systems remain in a known, secure state. It covers hardware inventories, software inventories, baseline configurations (like STIGs), change control processes, and configuration monitoring. Without configuration management, systems drift from secure baselines over time, introducing vulnerabilities.

Why It Matters

Configuration management is an entire CMMC domain with multiple requirements. Maintaining documented baselines, controlling changes, and verifying configurations are fundamental activities that assessors will thoroughly evaluate during your assessment.

Related Resources

CMMC: CM.L1-3.4.1
CMMC: CM.L1-3.4.2
CMMC: CM.L2-3.4.3
CMMC: CM.L2-3.4.4
CMMC: CM.L2-3.4.5
CMMC: CM.L2-3.4.6
CMMC: CM.L2-3.4.7
CMMC: CM.L2-3.4.8