SecFrame Explorer
3/3
// Level 3 · Controls

Configuration Management

Establish and maintain baseline configurations.

3.4.1High

Baseline Configurations

Establish and maintain baseline configurations and inventories of organizational systems.

3.4.2High

Configuration Settings

Establish and enforce security configuration settings for IT products.

3.4.3Medium

Change Tracking

Track, review, approve/disapprove, and log changes to organizational systems.

3.4.4Medium

Change Impact Analysis

Analyze the security impact of changes prior to implementation.

3.4.5Medium

Access Restrictions for Change

Define, document, approve, and enforce physical and logical access restrictions.

3.4.6Medium

Least Functionality

Employ the principle of least functionality by configuring systems to provide only essential capabilities.

3.4.7Medium

Nonessential Functions

Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

3.4.8High

Application Execution Policy

Apply deny-by-exception (blacklist) or permit-by-exception (whitelist) policies for software execution.

3.4.9Medium

User-Installed Software

Control and monitor user-installed software.