Secure Config
Establish and maintain secure configurations for assets.
9 of 9 frameworks cover this control
Framework Mappings
How Secure Config maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | PR.PS-01 |
| ISO 27001 | Covered | A.8.9 |
| CIS v8 | Covered | CIS 4.1, CIS 4.2, CIS 4.6 |
| SOC 2 | Covered | CC6.1, CC7.1 |
| PCI DSS | Covered | 2.2.1, 2.2.2, 2.2.4 |
| CMMC | Covered | CM.L2-3.4.1, CM.L2-3.4.2, CM.L2-3.4.6 |
| 800-53 | Covered | CM-2, CM-6, CM-7 |
| HIPAA | Covered | §164.310(d)(1), §164.312(a)(1) |
| GDPR | Covered | Art.25(1), Art.32(1) |
About Secure Config
Secure Config is a cybersecurity control in the Protect domain that requires organizations to establish and maintain secure configurations for assets. Secure configuration management involves establishing hardened baseline configurations for servers, workstations, network devices, and applications that minimize the attack surface by disabling unnecessary services, ports, and protocols. Organizations should adopt industry-recognized benchmarks such as CIS Benchmarks or DISA STIGs, enforce configurations through automated tools like configuration management platforms and group policies, and monitor for configuration drift. Regular configuration audits ensure that systems remain in compliance and that changes go through proper change management processes.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.