Georgetown University has adopted the configuration management principles established in the NIST SP 800-171 “Configuration Management” control guidelines as the official policy for this security domain. Each system administrator and system owner must adhere to the guidelines and procedures associated with this policy to support and comply with the University information security framework.

Baseline configurations are documented, formally reviewed, and agreed-upon sets of specifications for information systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, and changes to University systems, system components, and networks. 

Configuration of servers and end-user workstations 

Servers and end-user workstations must be configured to audit for the following events:

  • Server startup and shutdown

  • Starting and stopping of audit functions

  • Loading and unloading of services

  • Installation and removal of software 

  • System alerts and error messages

  • Application alerts and error messages

  • Modifications to system applications

  • User logon and logoff

  • System administration activities, such as Windows “runas” or Linux “su” use

  • Access to information, files, and systems

  • Account creation, modification, or deletion

  • Password changes

  • Modifications of access controls, such as change of file or user permissions or privileges (e.g., use of suid/sgid, chown, su)

  • Additional security-related events, as required by the system owner or to support the nature of the supported business and applications

  • Clearing of the audit log file

  • Remote access outside of the agency network communication channels (e.g., modems, dedicated VPN) and all dial-in access to the system

  • Changes made to an application or database by a batch file

  • Application-critical record changes

Configuration of network devices

Network devices (e.g., router, firewall, switch, wireless access point) must be configured to audit for the following events: 

  • Device startup and shutdown

  • Administrator logon and logoff

  • Configuration changes 

  • Account creation, modification, or deletion

  • Modifications of privileges and access controls

  • System alerts and error messages