An ISCM capability that identifies configuration settings (Common Configuration Enumerations [CCEs]) on devices that are likely to be used by attackers to compromise a device and use it as a platform from which to extend compromise to the network.
NISTIR 8011 Vol. 1
See Capability, Configuration Settings Management.
NISTIR 8011 Vol. 1 under Configuration Settings Management