Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Configuration Standard

Training Camp • Cybersecurity Glossary

What is Configuration Standard?

A documented set of required, secure settings for systems and devices, often derived from CIS Benchmarks or DISA STIGs to cut vulnerabilities.

Glossary > Governance, Risk & Compliance > Configuration Standard

Understanding Configuration Standard

A Configuration Standard is a documented set of required settings that defines how hardware, software, and network devices must be configured to be considered secure and compliant within an organization. By specifying a consistent baseline, it reduces vulnerabilities introduced by ad hoc or default configurations and supports auditing and compliance.

Configuration standards typically cover access controls, password and authentication policy, disabling unused services and ports, encryption requirements, logging and audit settings, firewall rules, and patch management expectations. They are frequently derived from authoritative sources such as the CIS Benchmarks, DISA STIGs, vendor hardening guides, or controls in NIST SP 800-53 and ISO 27001. Organizations enforce them through golden images, configuration management tools (Ansible, Puppet, Group Policy), and continuous compliance scanning that flags drift from the approved baseline.

Configuration standards matter because misconfiguration is one of the most common root causes of breaches: default credentials, open management ports, excessive permissions, and unnecessary services routinely provide attacker entry points. A documented standard turns security from individual judgment into a repeatable, measurable requirement, ensuring that the hundredth server is hardened exactly like the first. It also provides the benchmark against which auditors and automated tools verify compliance.

For example, a company adopts the CIS Benchmark for Ubuntu as its configuration standard for Linux servers. The standard mandates disabling root SSH login, enforcing key-based authentication, removing unused packages, enabling auditd, and setting strict file permissions. The team bakes these settings into a base image and runs nightly CIS-CAT scans; when a server is found with password SSH re-enabled, the scan flags the drift and the configuration management tool automatically remediates it back to the approved baseline.

Learn More About Configuration Standard:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →