Configuration Management (CM)

Purpose – 

The Configuration Management Policy and associated controls describe the requirements for managing risks associated with configuring new information systems, controlling changes to information systems, configuration, and security settings. Requirements are also defined for reducing information security risk by implementing least functionality, an information system inventory, and software use restrictions. 

---

Scope and Roles –  

This policy applies to information resources owned or managed by Tarleton State University (Tarleton). The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians. 

---

Compliance –  

Configuration Management controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76 and Texas A&M University System Regulation 29.01.03, Information Security.