Configuration settings are the configurable security-related parameters of information technology products that are part of the information system.
Security-related parameters are those parameters impacting the security state of the system, including parameters related to meeting other security control requirements.
Security-related parameters include: registry settings; account, file, and directory settings (i.e., permissions); and settings for services, ports, protocols, and remote connections.
Incident response teams require input from authoritative sources in order to investigate events that have occurred. Configuration management solutions are a logical source for providing information regarding system configuration changes. Unauthorized, security-relevant configuration changes must be incorporated into the organization’s incident response capability to ensure such detected events are tracked for historical purposes.