ISMS 8.9 - Configuration Management Program

Document Name: ISMS 8.9 - Configuration Management Program

Overview: ISMS document detailing various requirements as noted by Controls8.927002:2022 regarding configuration management. 

Specifically, the document includes the following sections:

(1). Configuration Management Planning. (2). Training Requirements. (3). Automated Tools and Software Usage. (4). Security Posture. (5). Baseline Configuration Standards. (6). Insecure Services, Ports, Protocols. (7). Review and Update of Baseline Configurations. (8). Automated Mechanisms for Baseline Configurations. (9). Retention of Previous Baseline Configurations. (10). Baseline Configurations for High-Risk Areas. (11). Least Functionality. (12). Periodic Review. (13). Prevention of Program Execution. (14). Authorized Software and Whitelisting. (15). Asset Inventory. (16). Unauthorized Component Detection. (17). Access Control for Changes. (18). Access Enforcement. (19). Reviewing System Changes. (20). Signed Components. (21). IMPLEMENTATION OF SECURE CONFIGURATIONS. (22). CONFIGURATION CHANGE CONTROL. (23). CONTINUOUS MONITORING.

ISMS Section: ISO/IEC 27001:2022 Annex A Controls and Section 8 - Technological Controls

Control Mapping: Control 8.9 - 27002: 2022

Format: Microsoft Word

Length: 13 pages.