CM-1 Configuration Management Controls
Overview
The West Texas A&M Information Security Controls Catalog establishes the minimum standards and controls for University information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).
Purpose
This document establishes the enterprise configuration management regulations and procedures. The purpose of these regulations and procedures are to manage risks from system changes impacting West Texas A&M University baseline configuration settings, system configuration, and system security settings.
Scope
The scope of these regulations and procedures are applicable to all information resources owned or operated by WTAMU. All users are responsible for adhering to this policy. If needed or appropriate, information regarding roles, responsibilities, management commitment, and coordination among organizational entities are embedded within these procedures.
Regulations and Procedures
The State of Texas Department of Information Resources (DIR) has chosen to adopt a select number of Configuration Management Controls as established within the NIST SP 800-53 control family guidelines identified by the DIR Security Control Standards Catalog.DIR Catalog
WTAMU must develop, adopt or adhere to a formal, documented configuration management regulations and procedures that address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Information Technology (IT) will maintain regulations and procedures for configuration management that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.