NIST SP 800-128 Guide for Security-Focused Configuration Management of Information Systems

NIST SP 800-128 August 2011

An information system is typically in a constant state of change in response to new, enhanced, corrected, or updated hardware and software capabilities, patches for correcting software flaws and other errors to existing components, new security threats, changing business functions, etc. Implementing information system changes almost always results in some adjustment to the system configuration. To ensure that the required adjustments to the system configuration do not adversely affect the security of the information system or the organization from operation of the information system, a well-defined configuration management process that integrates information security is needed.

Organizations apply configuration management (CM) for establishing baselines and for tracking, controlling, and managing many aspects of business development and operation (e.g., products, services, manufacturing, business processes, and information technology). Organizations with a robust and effective CM process need to consider information security implications with respect to the development and operation of information systems including hardware, software, applications, and documentation.

Effective CM of information systems requires the integration of the management of secure configurations into the organizational CM process or processes. For this reason, this document assumes that information security is an integral part of an organization’s overall CM process; however, the focus of this document is on implementation of the information system security aspects of CM, and as such the term security-focused configuration management (SecCM) is used to emphasize the concentration on information security. Though both IT business application functions and security-focused practices are expected to be integrated as a single process, SecCM in this context is defined as the management and control of configurations for information systems to enable security and facilitate the management of information security risk.

Why buy an eBook when you can download a PDF for free? First you gotta find it and make sure it’s the latest version, not always easy. It’s much more cost-effective to just order the latest version from Amazon.com. Unlike a PDF, this eBook allows easy page navigation because we bookmarked the Chapters and Appendices. (Don’t judge based on the free sample because that functionality is not activated on the free sample.) Once you buy a copy you will see how easy it is to get to the information you seek - fast. Also, if you turn on Text-to-Speech, your Kindle will read the book out loud for you!

This material is published by 4th Watch Publishing Co. We publish tightly-bound, full-size books at 8 ½ by 11 inches, with glossy covers. 4th Watch Publishing Co. is a Service Disabled Veteran Owned Small Business (SDVOSB) and is not affiliated with the National Institute of Standards and Technology. A full copy of over 300 cybersecurity standards is loaded on our CyberSecurity Standards Library DVD which is available at Amazon.com. And, if you need to look up an acronym or the definition of a word, just go to the Cyber Dictionary.

Kindle Edition

Published December 9, 2017

Community Reviews

5 stars: 1 (100%)
4 stars: 0 (0%)
3 stars: 0 (0%)
2 stars: 0 (0%)
1 star: 0 (0%)
No one has reviewed this book yet.
