CM-6: Configuration Settings

NIST Baseline:  Low 

DIR Required By:  07/20/2023 

TAMUS Required By:  08/01/2022 

Review Date:  06/26/2024

• Information resource custodians, or their designee(s), are responsible for:  
  • Establishing and documenting mandatory configuration settings for information resources.  Tarleton adopts baseline security configurations that meet or exceed published industry best practice resources (e.g., Center for Internet Security Benchmarks [CIS Benchmarks], NIST National Checklist Program [NCP]) when available;  
  • Configuring security settings in the most restrictive mode consistent with operational requirements;  
  • Documenting configuration settings (i.e., in the information resource, in a checklist, or configuration file);   
  • Enforcing the configuration settings in all components in the information resource; and  
  • Monitoring and controlling changes to the configuration settings in accordance with organizational policies and procedures. 

---

References/Additional Resources

None.  See any applicable internal procedures.