CFG — Configuration Management
28 controls in the Configuration Management domain
CFG-01Configuration Management Program
CFG-01.1Assignment of Responsibility
CFG-02Secure Baseline Configurations
CFG-02.1Reviews & Updates
CFG-02.2Automated Central Management & Verification
CFG-02.3Retention Of Previous Configurations
CFG-02.4Development & Test Environment Configurations
CFG-02.5Configure Technology Assets, Applications and/or Services (TAAS) for High-Risk Areas
CFG-02.6Network Device Configuration File Synchronization
CFG-02.7Approved Configuration Deviations
CFG-02.8Respond To Unauthorized Changes
CFG-02.9Baseline Tailoring
CFG-03Least Functionality
CFG-03.1Periodic Review
CFG-03.2Prevent Unauthorized Software Execution
CFG-03.3Explicitly Allow / Deny Applications
CFG-03.4Split Tunneling
CFG-04Software Usage Restrictions
CFG-04.1Open Source Software
CFG-04.2Unsupported Internet Browsers & Email Clients
CFG-05User-Installed Software
CFG-05.1Unauthorized Installation Alerts
CFG-05.2Restrict Roles Permitted To Install Software
CFG-06Configuration Enforcement
CFG-06.1Integrity Assurance & Enforcement (IAE)
CFG-07Zero-Touch Provisioning (ZTP)
CFG-08Sensitive / Regulated Data Access Enforcement
CFG-08.1Sensitive / Regulated Data Actions