Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Guide for Security-Focused Configuration Management of Information Systems: NIST Updates Special Publication 800-128
October 15, 2019

NIST announces an update of Special Publication (SP) 800-128, Guide for Security-Focused Configuration Management of Information Systemswhich provides guidelines for organizations responsible for managing and administering the security of federal systems and associated environments of operation. The document focuses on the implementation of system security aspects of configuration management, and as such, the term “security-focused configuration management” (SecCM) is used to emphasize the concentration on information security. NIST has released an errata update to reflect changes that have occurred in technology, terminology, and references since the document’s original publication in 2011. No significant or technical changes have been made to the recommended guidance for SecCM.

Created October 15, 2019, Updated October 16, 2019