NIST announces an update of Special Publication (SP) 800-128, Guide for Security-Focused Configuration Management of Information Systems, which provides guidelines for organizations responsible for managing and administering the security of federal systems and associated environments of operation. The document focuses on the implementation of system security aspects of configuration management, and as such, the term “security-focused configuration management” (SecCM) is used to emphasize the concentration on information security. NIST has released an errata update to reflect changes that have occurred in technology, terminology, and references since the document’s original publication in 2011. No significant or technical changes have been made to the recommended guidance for SecCM.
Security and Privacy: configuration management, continuous monitoring, security automation
Laws and Regulations: Federal Information Security Modernization Act, OMB Circular A-130