m (→Overview) |
m (→Definition) Tag: sourceedit |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | == |
+ | == Definitions == |
'''Configuration settings''' refer to |
'''Configuration settings''' refer to |
||
| Line 5: | Line 5: | ||
{{Quote|[t]he set of [[parameter]]s that can be changed in [[hardware]], [[software]], or [[firmware]] that affect the [[security]] posture and/or [[functionality]] of the [[information system]].<ref>[[NIST Special Publication 800-53]], App. B, Glossary.</ref>}} |
{{Quote|[t]he set of [[parameter]]s that can be changed in [[hardware]], [[software]], or [[firmware]] that affect the [[security]] posture and/or [[functionality]] of the [[information system]].<ref>[[NIST Special Publication 800-53]], App. B, Glossary.</ref>}} |
||
| − | {{Quote|the set of [[parameter]]s that can be changed in [[hardware]], [[software]], or [[firmware]] [[component]]s of the [[information system]] that affect the [[security]] posture or [[functionality]] of the [[system]].<ref>[[NIST Special Publication SP 800-171]], at 10.</ref>}} |
+ | {{Quote|the set of [[parameter]]s that can be changed in [[hardware]], [[software]], or [[firmware]] [[component]]s of the [[information system]] that affect the [[security]] posture or [[functionality]] of the [[system]].<ref>[[NIST Special Publication SP 800-171]], at 10 n.20.</ref>}} |
== Overview == |
== Overview == |
||
Latest revision as of 21:57, 7 July 2017
Definitions[]
Configuration settings refer to
| “ | [t]he set of parameters that can be changed in hardware, software, or firmware that affect the security posture and/or functionality of the information system.[1] | ” |
| “ | the set of parameters that can be changed in hardware, software, or firmware components of the information system that affect the security posture or functionality of the system.[2] | ” |
Overview[]
"Information technology products for which security-related configuration settings can be defined include, for example, mainframe computers, servers (e.g., database, electronic mail, authentication, web, proxy, file, domain name), workstations, input/output devices (e.g., scanners, copiers, and printers), network components (e.g., firewalls, routers, gateways, voice and data switches, wireless access points, network appliances, sensors), operating systems, middleware, and applications."[3]
References[]
- ↑ NIST Special Publication 800-53, App. B, Glossary.
- ↑ NIST Special Publication SP 800-171, at 10 n.20.
- ↑ Id.