DS9.3 Configuration Integrity Review
Review and verify on a regular basis, using, where necessary, appropriate tools, the status of configuration items to confirm the integrity of the current and historical configuration data and to compare against the actual situation. Review periodically against the policy for software usage the existence of any personal or unlicensed software or any software instances in excess of current license agreements. Errors and deviations must be reported, acted on and corrected.
Illustrative Controls and the TIBCO LogLogic Solution
Configuration management ensures that security, availability, and processing integrity controls are set up in the system and maintained through its life cycle. Insufficient configuration controls can lead to security and availability exposures that can permit unauthorized access to systems and data and impact financial reporting.
To satisfy this control objective, administrators must ensure that only authorized software is permitted for use by employees using company IT assets. System infrastructure, including firewalls, routers, switches, network operating systems, servers and other related devices, must be properly configured to prevent unauthorized access. Application software and data storage systems must be properly configured to provision access based on the individual’s demonstrated need to view, add, change or delete data.
Real-time reports and alerts enable administrators to review and monitor any configuration changes made to critical IT infrastructure. Administrators can take immediate action to mitigate the risks introduced by inappropriate configuration modifications.