PR.PS-01: Configuration management practices are established and applied
Ex1: Establish, test, deploy, and maintain hardened baselines that enforce the organization’s cybersecurity policies and provide only essential capabilities (i.e., principle of least functionality)
Ex2: Review all default configuration settings that may potentially impact cybersecurity when installing or upgrading software
Ex3: Monitor implemented software for deviations from approved baselines
Tier
Description
Configuration management practices are established and applied