U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

misconfiguration

Definition(s):

  An incorrect or subobtimal configuration of an information system or system component that may lead to vulnerabilities.
Source(s):
NIST SP 800-128 under Misconfiguration

  An incorrect or suboptimal configuration of an information system or system component that may lead to vulnerabilities.
Source(s):
NIST SP 800-128

  A setting within a computer program that violates a configuration policy or that permits or causes unintended behavior that impacts the security posture of a system. CCE can be used for enumerating misconfigurations. NOTE: NIST generally defines vulnerability as including both software flaws and configuration issues [misconfigurations]. For the purposes of the validation program and dependent procurement language, the SCAP Validation program is defining vulnerability and misconfiguration as two separate entities, with “vulnerability” referring strictly to software flaws.
Source(s):
NISTIR 7511 Rev. 4 under Misconfiguration