ABSTRACT

Secure configuration management (SCM) is the root of one's security program. In performing the tasks as defined, one must look at how the customer's change control board (CCB) or technical review board (TRB) operates and what requirements it needs to meet to satisfy the stakeholders and the security requirements, which include meeting the business model as its objective. This chapter presents the interaction between the CCB/TRB, project management, and management. If the CCB/TRB is divided into separate organizations, such as a main CCB/TRB, a software management board, or a technical review board, indicate this in one's plan. The chapter also describes SCM training requirements for all project personnel. All training should be documented within the individual's personal training folder or within the training records maintained by the organizational training coordinator. The SCM program manages security features and assurances through control of changes made to the hardware, software, firmware, documentation, test, and test documentation throughout the life cycle of an information system.