The basic parameters that control how hardware, software, and even entire networks operate are configurations, whether they take the form of a single configuration file or a collection of connected configurations. For instance, the default properties a firewall uses to control traffic to and from a company’s network, such as block lists, port forwarding, virtual LANs, and VPN information, are stored in the firewall’s configuration file.
Configuration management is now presented as a new control in the new, revised edition of ISO 27002:2022 (Control 8.9). It is a crucial component of an organization’s security management. This blog will guide you through the essentials of Control 8.9.
What is Control 8.9, Configuration Management?
The Standard states that hardware, software, service, and network settings, including security configurations, should be defined, recorded, put into practice, monitored, and routinely evaluated.
ISO 27002:2022 defines configuration management as “the process of controlling and managing the changes to the hardware, software, and network configurations of an organization’s IT systems. It is the practice of identifying, documenting, and managing…
