Configuration Management Standards

Configuration Management Documents provide the organization with individual checklists for each of the targeted assets. Each document is broken up into three parts: the Key Asset information, the Configurable Items for the Asset, and the Controls associated with the asset.

Key Asset information

They provide key asset information, such as the US’ National Vulnerability ID and the OVAL Platform name, and product edition, platform, version, and language specifications. In addition, each Configuration Management document lists all of the assets in question’s descendant assets (such as product versions, editions, or language updates).

Configurable Items

Not only does each document provide the directly associated configurable items for the asset, but also it provides a list of all configurable items in the asset’s hierarchy. Many times Authority Documents will call for all products of a certain type to be configured a certain way. Because the UCF maintains its asset list in hierarchical format, we are able to pull into the report all inherited configurable items as well as those directly specified for the asset.

Associated Controls

Finally, the UCF’s transparently linked database allows us to also list all of the Controls associated with the particular asset.

Configuration Management Standards is available in the Corporate, Corporate Database, and Developer Packages.

To request a free sample, click here.

configuration management illustration