- ABOUT THE UCF
- Which UCF Package is Right for You?
- The Science of Compliance eBook
- UCF Controls
- Research Sites List
- Authority Documents
- Authority Documents In-Depth Report
- Language of Compliance
- Metrics Standards
- Roles Definitions
- Monitored Events
- Compliance Docs
- Config Management
- Information Classification
- Audit Guidelines
- XML Database Files
- SHOPPING CART
Configuration Management Standards
Configuration Management Documents provide the organization with individual checklists for each of the targeted assets. Each document is broken up into three parts: the Key Asset information, the Configurable Items for the Asset, and the Controls associated with the asset.
Key Asset information
They provide key asset information, such as the US’ National Vulnerability ID and the OVAL Platform name, and product edition, platform, version, and language specifications. In addition, each Configuration Management document lists all of the assets in question’s descendant assets (such as product versions, editions, or language updates).
Not only does each document provide the directly associated configurable items for the asset, but also it provides a list of all configurable items in the asset’s hierarchy. Many times Authority Documents will call for all products of a certain type to be configured a certain way. Because the UCF maintains its asset list in hierarchical format, we are able to pull into the report all inherited configurable items as well as those directly specified for the asset.
Finally, the UCF’s transparently linked database allows us to also list all of the Controls associated with the particular asset.
Configuration Management Standards is available in the Corporate, Corporate Database, and Developer Packages.
To request a free sample, click here.