Configuration Management
What is Configuration Management?
Configuration ManagementThe discipline of establishing, recording, and enforcing the desired state of systems and applications so configurations remain known, consistent, and secure.
Configuration management defines the authoritative settings for operating systems, network devices, applications, and cloud resources, and uses tooling such as Ansible, Puppet, Chef, Terraform, or Kubernetes operators to apply and reconcile them. Combined with version control and policy-as-code, it enables drift detection, repeatable rebuilds, and proof of compliance with hardening benchmarks like CIS or DISA STIG. From a security viewpoint, it eliminates one of the most common breach root causes — silent configuration drift — and is closely tied to change management and security baselines.
● Examples
- 01
Terraform definitions enforcing that every S3 bucket has encryption and public-access blocks enabled.
- 02
Ansible playbooks that bring all SSH servers back to the approved CIS Benchmark configuration.
● Frequently asked questions
What is Configuration Management?
The discipline of establishing, recording, and enforcing the desired state of systems and applications so configurations remain known, consistent, and secure. It belongs to the Defense & Operations category of cybersecurity.
What does Configuration Management mean?
The discipline of establishing, recording, and enforcing the desired state of systems and applications so configurations remain known, consistent, and secure.
How do you defend against Configuration Management?
Defences for Configuration Management typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Configuration Management?
Common alternative names include: Config management, CM.