
NIST Risk Management Framework RMF

Security Configuration Settings

As part of a holistic risk management strategy and applying the information security concept of defense-in-depth, organizations should employ appropriate configuration settings on commercial information technology products that compose their organizational systems. These products include, for example, mainframe computers, workstations, portable and mobile devices, and network components. Requirements to establish mandatory configuration settings derive from the Federal Information Security Management Act as implemented by FIPS 200 and NIST Special Publication 800-53 (Control CM-6, Configuration Settings), and OMB Policy.

The following links provide important information for organizations implementing configuration settings on their system components:

 



Created November 30, 2016, Updated November 01, 2021