Use tools to automate or implement the security policy

Milestone recommends that you find one or more tools to help you automate and implement the security policy. Automation reduces the risk of human error and makes it easier to manage the policy. For example, you can automate the installation of security patches and updates on servers and client computers.

One way to implement this recommendation is to combine the Microsoft Security Configuration Manager (SCCM) with the Security Content Automation Protocol (SCAP).(See for example, Geek of All Trades: Automate Baseline Security Settings (https://technet.microsoft.com/en-us/magazine/ff721825.aspx) and Security Content Automation Protocol (SCAP) Validation Program (http://scap.nist.gov/validation/).) This gives you a framework to create, distribute, and validate security settings on computers across your network.

Learn more

The following control(s) provide additional guidance:

• NIST SP 800-53 CM-1 Configuration Management Policy and Procedures
• NIST SP 800-53 CM-2 Baseline Configuration
• NIST SP 800-53 CM-3 Configuration Change Control