Config. Mgmt.
Customized CM Programs
Customized CM Programs
Customized Configuration Management Plans for Department of Defense (DoD) contractors implementing the NIST Risk Management Framework (RMF).
Arlington Security Portal
Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.
Configuration Management Plans for Department of Defense (DoD) Contractors
Arlington is a leading provider of developing customized configuration management plans for Department of Defense (DoD) contractors. Configuration management is an essential component of the NIST Risk Management Framework (RMF), often requiring considerable effort in developing a plan that includes implementing, establishing, maintaining, recording, and effectively monitoring secure configurations to information systems.
Configuration Management Plans for Department of Defense (DoD) Contractors
Configuration management is one of the most important practices within information security due to the fact that critical information systems must be securely configured for ensuring their confidentiality, integrity, and availability – which is the widely-known information security CIA triad.
Per NIST SP 800-128, “…Organizations apply configuration management (CM) for establishing baselines and for tracking, controlling, and managing many aspects of business development and operation (e.g., products, services, manufacturing, business processes, and information technology)…Effective CM of systems requires the integration of the management of secure configurations into the organizational CM process or processes…”
Configuration management is a broad based concept, one that’s used in a wide variety of industries and business sectors, ranging from manufacturing to technology – just to name a few. For purposes of information security – however – configuration management is viewed as the following:
-
Implementing, establishing, maintaining, recording, and effectively monitoring secure configurations to an organization’s overall information system’s landscape, including, but not limited to the following information systems: network devices, operating systems, applications, internally developed software and systems, and other relevant hardware and software platforms.
Whether it’s FISMA, FedRAMP, NIST RMF eMASS, and more, configuration management is a strict requirement for many of today’s DoD contractors. What’s more, developing a true configuration management plan is much more than just a simple policy document, rather, it’s about formalizing a wide-range of initiatives relating to implementing, establishing, maintaining, recording, and effectively monitoring secure configurations to information systems.
DoD Requirements for Configuration Management
Per the NIST RMF, a well-developed configuration management program should address the following:
-
Well-established policies and procedures
-
Baseline configuration
-
Configuration change control
-
Impact Analysis
-
Access restrictions for change
-
Configuration settings
-
Least functionality
-
System component inventory
-
Software usage restrictions
-
User installed software
-
Information location
-
Data action mapping
Arlington Security Portal
Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.
Related Services
A Proven Approach for Developing Customized Configuration Management Programs
Benefits of our Configuration Management Programs
-
Saves federal contractors an incredible amount of time and money.
-
The confidence of knowing your CM Program is developed to your specific needs.
-
CM Programs that have been exhaustively vetted by federal agencies for approval.
Why Arlington for Configuration Management Plans
-
Highly detailed CM Program reflecting your unique environment.
-
Efficient, yet comprehensive methodology for rapid CM Program development.
-
Industry leader with decades of federal compliance experience.
Why Arlington?
Decades of Defense Industry Expertise. Recognized leaders in all things DoD. World-Class Arlington Security Portal (ASP).
Passion. Integrity. Innovation. Impact.
Phase I: Scoping & Analysis
A well-developed configuration management program requires thoughtful consideration in terms of core components of the plan, systems and personnel deemed in scope, plan development, execution, oversight, maintenance, and more.
Phase II: Development
A successful configuration management program requires coverage of a wide-range of information security, operational and technical measures to be included within the plan itself. With Arlington, we’ll work with you every step of the way to customize such a program.
Phase III: Implementation
With the program developed and finalized, implementation is therefore the most essential phase as you’ll need to ensure all personnel adopt, implement, and abide by the actual program. Additionally, monitoring and oversight responsibilities for the program will need to be clearly defined.