Ensure the configuration management procedures are being applied to firewalls, routers, managed switches, and hubs.

UCF ID: 01281
Control Type: Process or Activity
Status: Live

Supporting and supported controls

This control directly supports:

    Establish and maintain a process to maintain the configuration management policy. [UCF Control ID 00867]

There are no supporting controls.

Authority documents complied with:

The Standard of Good Practice for Information Security, NW2.1.1; Guidelines on Cell Phone and PDA Security, NIST SP 800-124, October 2008, § 4.1.9

NIST Guidance

If possible, the organization should use centralized security management to ensure all handheld devices are in compliance with the organization's mobile device security policy. This system should periodically ensure through communications with handheld devices that they are in compliance with policies, update software and firmware, and download log files. [§ 4.1.9, Guidelines on Cell Phone and PDA Security, NIST SP 800-124, October 2008]

General Guidance

The configuration of network devices should be documented in a standards/procedures document. [NW2.1.1, The Standard of Good Practice for Information Security]

Metrics

The metrics associated with this control are as follows:

    Report on the percentage of systems for which approved configuration settings have been implemented as required by policy. [UCF Control ID 02097]
    Report on the percentage of systems with configurations that do not deviate from approved standards. [UCF Control ID 02098]

Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.