Configuration setting — itlaw | wkmrr.org

wkmrr.org itlaw

Definitions

Configuration settings refer to

“

[t]he set of parameters that can be changed in hardware, software, or firmware that affect the security posture and/or functionality of the information system.^[1]

”

“

the set of parameters that can be changed in hardware, software, or firmware components of the information system that affect the security posture or functionality of the system.^[2]

”

Overview

"Information technology products for which security-related configuration settings can be defined include, for example, mainframe computers, servers (e.g., database, electronic mail, authentication, web, proxy, file, domain name), workstations, input/output devices (e.g., scanners, copiers, and printers), network components (e.g., firewalls, routers, gateways, voice and data switches, wireless access points, network appliances, sensors), operating systems, middleware, and applications."^[3]

References

↑ NIST Special Publication 800-53, App. B, Glossary.
↑ NIST Special Publication SP 800-171, at 10 n.20.
↑ Id.