
Security configuration management is one of the most effective security controls you can implement, and it is foundational to many regulatory standards and security frameworks.

In addition, two controls in the Top 20 Critical Controls address security configuration management: Control 3 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers, and Control 10 – Secure Configurations for Network Devices.

The concept of security configuration management appears simple: harden your IT systems to reduce your attack surface, then continuously monitor them to ensure that they remain in a hardened, secure state.

Although the concept is simple, the process can be burdensome if there is little automation of manual tasks and little collaboration between security and operations teams.

The analyst firm Gartner, for example, has identified configuration hardening as required for security and compliance and essential for warding off targeted attacks.

Click here to download a brief featuring a complimentary Gartner research note (form required) on the topic and learn how security configuration management is essential to assure and measure overall security posture.


In the brief you will also find the following Tripwire assets that will help you make security configuration management practical and doable:

Free download: SecureCheq – a fast, simple and free utility for Windows servers and desktops that tests for a subset of common configuration risks, and then demonstrates how systems can be continually hardened against attacks.

