To ensure the security of hardware, software, services, and networks, an organization should create and enact procedures or tools for defined configurations and make sure that they remain satisfactory over their lifetime. The organization should establish standard templates for secure configuration, using publicly available guidance and considering the organization’s security policy and requirements. Software, service, hardware, and network configurations should be recorded, organizations should keep a log of configuration changes. They should also monitor configuration records regularly, and any deviations from the target configuration should be addressed through automatic enforcement or manual analysis followed by corrective action.
Conformance1
Tools for conforming to standards, goals and processes
