Definition: Configuration management is an information security concept. It relates to establishing and managing the settings and characteristics associated with the hardware and software in an information system. Foreknowledge, maintenance and monitoring of an information system’s settings are key to establishing a baseline. Any deviation from the known settings, unless properly authorized, can enable a potential security breach. Settings need to be established and specified by the policies of the business or organization. The entire process is associated with what is known as "change management".
Its Relevance: The settings associated with an information system must be known and dependable, and must support the security of information assets. Otherwise, infrastructure users would be unable to recognize anomalous system settings influenced by intruders and malicious software. Accidental or malicious changes could be devastating. The confidentiality, integrity and availability of the information system would be at risk.
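
The baseline and deviation check described above, as an added example that is not part of the original page: it compares a host's observed settings with a recorded baseline and marks each deviation as authorized only when a change-management record approves that exact value. All setting names, values and the record format are constructed assumptions.

```python
# Constructed baseline: the known, policy-approved settings for one host.
BASELINE = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "firewall.default_inbound": "deny",
    "ntp.server": "time.example.internal",
}

# Constructed change-management records: (setting, approved new value).
APPROVED_CHANGES = {("ntp.server", "time2.example.internal")}

MISSING = "<absent>"  # marker for a setting present on only one side


def find_drift(baseline, current, approved):
    """Compare current settings to the baseline and classify each deviation.

    Returns a list of (setting, expected, actual, status), sorted by setting.
    status is "authorized" when an approved change covers the exact new value,
    otherwise "unauthorized". Added and removed settings also count as drift.
    """
    findings = []
    for key in sorted(set(baseline) | set(current)):
        expected = baseline.get(key, MISSING)
        actual = current.get(key, MISSING)
        if expected == actual:
            continue
        status = "authorized" if (key, actual) in approved else "unauthorized"
        findings.append((key, expected, actual, status))
    return findings


def unauthorized(findings):
    """Names of settings that deviate without an approved change."""
    return [key for key, _, _, status in findings if status == "unauthorized"]


# Constructed observed state; firewall.default_inbound is missing entirely.
OBSERVED = {
    "ssh.PermitRootLogin": "yes",            # changed, no change record
    "ssh.PasswordAuthentication": "no",      # matches baseline
    "ntp.server": "time2.example.internal",  # changed, approved
    "cron.extra_job": "/tmp/update.sh",      # setting not in the baseline
}

if __name__ == "__main__":
    for key, exp, act, status in find_drift(BASELINE, OBSERVED, APPROVED_CHANGES):
        print(f"{status:12} {key}: baseline={exp!r} observed={act!r}")
```

Once an authorized change is verified, the baseline itself should be updated so the same deviation is not reported again.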