The purpose of the configuration management process is to ensure that the assets required to deliver services are properly controlled, and that accurate and reliable information about those assets is. Faa enterprisewide configuration management policy consists of a multilayered structure policy, process, and procedures, with each layer providing an increasing level of. Include in your configuration management plan a way you can analyze and report the success of your plan. The purpose of this policy is to establish an agencywide configuration management. Along that same vein, companies should also have the option of customizing preset policies, defining new policies, and adding new baseline configurations andor benchmarks. The business follows a configuration, change, and release management policy to manage the life cycle of all information systems supporting business and technical objectives. All configuration item changes require updating the change management database cmdb and must conform to the configuration management policy and standard. This draft dated 31 march 1997, prepared by the cals.
Develop a configuration and change management training plan. The goal of this policy is to create a prescriptive set of process and procedures, aligned with applicable doit information technology it security policies and. Configuration management is a collection of processes and tools that promote network consistency, track network change, and provide up to date network documentation and visibility. Configuration management cm is the ongoing process of identifying and managing changes to deliverables and other work products. You may need a pdf reader to view some of the files on this page. The purpose of this policy is to provide configuration management. Configuration management policy type order date issued september 19, 2007 responsible office ajw272 access restriction public content.
The cm process is widely used by military engineering organizations to manage changes throughout the system lifecycle of complex systems, such. The federal aviation administration page i and ii 091907 1800. Federal aviation administration configuration control board. Development began in 1994, with the electronic industries alliances eia g33 committee on data and configuration management initiated a task to develop an industry configuration. Configuration management is critical to establishing an initial baseline of hardware, software, and firmware components of enterprise information systems and subsequently controlling and maintaining an accurate inventory of any changes to those systems. Executive agencies, boards, and commissions are required to implement necessary controls to maintain proper documentation of it resources and information assets on the basis of business and security. Configuration management concepts and principles described in nist sp 800128, provide supporting information for nist sp 80053, recommended security controls for federal information systems and organizations. The cm designator identified in each control represents the nistspecified identifier for the configuration management control family. Consistent server installation policies, ownership and configuration management are all about doing the basics well. This policy establishes an agencywide configuration management program and to provide responsibilities, compliance requirements, and overall principles for configuration and change management processes to support information technology management. The configuration management policy is applicable to all information technology it organizations, contractors, and other stakeholders having responsibility for configuration, management, oversight, and successful daytoday operations of the irs it enterprise hardware, software, and. The configuration management process is a framework for setting a baseline for configuration items and adopting change management procedures. Omb category management policy, issued in a series of memoranda, including, but.
The policy provides guidance in decisionmaking and practices that optimize resources, mitigate risk, and maximize return on investment. Chef and salt automatically configure all datica systems according to established and tested policies, and are used as part of our disaster. Configuration management policy epa information directives cio. The state has adopted the configuration management security principles established in nist sp 80053, configuration management control guidelines as the official policy for this security domain. Business systems must develop, adopt or adhere to a formal, documented configuration. Rebooting machines when there is no change to the configuration of the system file permission changes the change advisory board cab may modify the scope periodically. The purpose of this policy is to establish an agencywide configuration management program and to provide responsibilities, compliance requirements, and overall principles for configuration and change management processes to support information technology management across epa. Purpose the purpose of this policy is to establish standards for the base configuration of internal server equipment that is owned andor operated. Salisbury university configuration management policy. This control addresses the establishment of policy. Configuration management resources describes the cm organizational products, tools, support environment, personnel, and training. Software configuration management is a process to systematically manage, organize, and control the changes in the documents, codes, and other entities during the software development life cycle. Prior to gaining initial access to the change management tool, individuals must complete appropriate education that is designated for their change management roles.
Have a process that is appropriate for your products and services so that you can ensure identification and control of the functional and physical attributes throughout the product. Configuration items shall be current, accurate, and complete. Datica standardizes and automates configuration management through the use of chefsalt scripts as well as documentation of all changes to production systems and networks. Program and to provide responsibilities, compliance. Configuration management schedules describes the general cm activities schedule. The requirements for configuration management read quite simply in clause 8. As9100 rev d configuration management in a qms what is it. Datica standardizes and automates configuration management through the use of chefsalt scripts as well as documentation of all changes to production systems.
Nist sp 800128 assumes that information security is an integral part of an organizations overall configuration management. As such, the processes and procedures set forth in this policy document will govern configuration, change, and release management. It is intended to be used in conjunction with the associated department of defense dod adopted configuration management cm standards referenced and all applicable cm related checklists. Although this document is limited to establishing itam policy, the success of the. Sample it change management policies and procedures guide. Many experts argue that configuration and change management are the same thing. The configuration management plan template idamscmp provides guidance and template material for use by ida projects in producing projectspecific. This policy establishes controls related to configuration management. Software configuration management in software engineering.
Configuration management plan checklist page 1 idamscmpcl issue 1 configuration management plan checklist the configuration management plan template idamscmp provides guidance and template. Sample it change management policies and procedures guide evergreen systems, inc. By building and maintaining configuration management bestpractices, you can expect several benefits such as improved network availability and lower costs. To establish policy for a securityfocused configuration management program to ensure compliance with minimally acceptable system. This standard describes configuration management functions and principles and defines a neutral configuration management terminology for use with any product line. What does as9100 rev d require for configuration management. Identify configuration management standards that are specific to your industry before you begin, along with which methods to utilize to measure standards. Iso 7 quality management systems guidelines for configuration management ansieia649 national consensus standard for configuration management geiahb649 configuration management guidance copies of this document are available from. Purpose configuration management is critical to establishing an initial baseline of hardware, software, and firmware components of enterprise information systems and subsequently controlling and maintaining an accurate inventory of any changes to those systems. The focus of this document is on implementation of the information system security aspects of configuration management, and as such the term securityfocused configuration management seccm is used to emphasize the concentration on information security. Guide for securityfocused configuration management of. This document provides requirements for the configuration management process which is required to assure that information systems are. Solutionmethod depicted below is a primary example of an it service.
This configuration management policy manual is provided to facilitate the implementation of naval air systems command navair instruction 4. Configuration change form and opnav 4790ck9c ships configuration change form con inuation to the ta to support configuration management of installeddelivered training assets in accordance with reference e. This policy aligns with the nist 80053 configuration management cm control family. Configuration management is the smart way to administer it assets since it permits the implementation of a standard, consistent, predictable environment. A roadmap to policy based it service management policy based service management architecture is a best practice model that articulates a functional process model, including process interrelationships, for an it organization to be an enterprise wide service provider. Cm1 configuration management policy and procedures establishes a formal documented configuration management policy that addresses purpose, scope, roles, and responsibilities. Configuration management procedures the prepared procedures are applicable to all hardware, software, and firmware components of systems or subsystems developed and acquired by the eed contract andor delegated to configuration management control by the operational sitelevel organizations. Usda and fsa security policy and guidance as well as applicable federal laws, directives, policies, regulations, standards, and guidance. This handbook provides guidance to dod managers assigned the responsibility for configuration management on how to ensure the application of product and data configuration management to defense materiel items, in each phase of their life cycle.
829 290 1112 869 265 359 191 1234 1247 894 100 545 1510 539 696 989 273 1226 976 1055 329 1111 406 1336 1286 467 1076 534 625 1143 194 921 1174 1125 29 264 545 259 1093 1443 56 557 1049 1103 553