The Foundation Common to Most Security Frameworks: Addressing Configuration Controls
By Jeff Elliott
We have entered the era of multiple security frameworks. Sometimes mandatory, often voluntary,
security frameworks are created to provide federal and commercial organizations with an effective
roadmap for securing IT systems. The goal is to reduce risk levels and prevent or mitigate cyber-attacks.
To accomplish this task, security frameworks typically provide a series of documented, agreed-upon and
understood policies, procedures, and processes necessary to secure the confidentiality, integrity and
availability of information systems and data.
In the United States, the overarching framework is the National Institute of Standards and Technology
(NIST) Cybersecurity Framework. As part of the Department of Commerce, NIST is responsible for
developing technical standards and guidelines for information security, among other things. Although
the NIST standards apply to U.S. federal agencies and critical infrastructure, they are also widely used
throughout the private sector.