Definition: Configuration refers to hardware and software settings that establish a known state within an information infrastructure and determine how specific features of (both hardware and software) are set. Specific values that determine how an information system functions. In many cases the settings should be determined by policy. A policy is implemented by "toggling" a radio button, clicking on a box or entering characters during a set-up process. Special care must be taken when establishing settings on equipment and software that interact within a system. Establishing and altering the settings of hardware and software can directly influence the manner in which an information system performs. Failure to pay attention to how various configuration settings interact with one another could increase an individual or an organization's vulnerability.
Its Relevance: Hardware and software can be directed to work in a number of different ways. Users need to establish a "known state" for a network. Altering any configuration can cause a system to perform totally different and cause problems. For example, messages from a desired Internet address could be blocked "configured" in a way that prevents it from entering an network and be stopped at the perimeter of the network. The precise manner in which each system component is configured must be known and documented.