An incorrect or subobtimal configuration of an information system or system component that may lead to vulnerabilities.
NIST SP 800-128 under Misconfiguration
An incorrect or suboptimal configuration of an information system or system component that may lead to vulnerabilities.
NIST SP 800-128
A setting within a computer program that violates a configuration policy or that permits or causes unintended behavior that impacts the security posture of a system. CCE can be used for enumerating misconfigurations. NOTE: NIST generally defines vulnerability as including both software flaws and configuration issues [misconfigurations]. For the purposes of the validation program and dependent procurement language, the SCAP Validation program is defining vulnerability and misconfiguration as two separate entities, with “vulnerability” referring strictly to software flaws.
NISTIR 7511 Rev. 4 under Misconfiguration