The management and control of configurations for an information system to enable security and facilitate the management of risk.
Sources:
NIST SP 800-128