NIST SP 800-128: Security-Focused Configuration Management of Information Systems Guidelines

The National Institute of Standards and Technology (NIST) has issued new Security-Focused Configuration Management of Information Systems guidelines (SP 800-128).

The Special Publication (SP) 800-128 provides updated guidance to help organizations securely configure (or “harden”), manage and monitor information systems.

NIST introduces a new term dubbed Security-Focused Configuration Management (SecCM) as they describe in SP 800-128 abstract:

“The focus of this document is on implementation of the information system security aspects of configuration management, and as such the term security-focused configuration management (SecCM) is used to emphasize the concentration on information security. In addition to the fundamental concepts associated with SecCM, the process of applying SecCM practices to information systems is described. The goal of SecCM activities is to manage and monitor the configurations of information systems to achieve adequate security and minimize organizational risk while supporting the desired business functionality and services.”

Check out our blog post for key highlights from SP 800-128.