Configuration Management Policy and Procedures (CM-1)

The purpose of the Texas A&M University configuration management procedures is to: • Describe the requirements for configuring a new platform (e.g., server) in a secure fashion • Maintain the appropriate security of the platform and application software, and • Provide guidance for applying and maintaining appropriate security measures for all platforms that process essential, controlled, or confidential information.

Configuration Change Control (CM-3)

This Control addresses how changes are controlled, implemented and documented in an orderly manner. A change may include:
  • Any implementation of new functionality;
  • Any interruption of service;
  • Any repair of existing functionality; or
  • Any removal of existing functionality.
Proper application of change management minimizes unwanted reductions in security and provides an accurate record of changes and associated supporting documentation that is useful when planning future changes.

Security Impact Analysis (CM-4)

Changes to the configuration of information systems must be analyzed to determine potential security impacts.

User Installed Software (CM-11)

This Control is intended to inform University computer users of the rules for authorized software on Texas A&M University information resources. Authorized software, also called licensed software, is any software acceptable for use within the University system. Software licensed for use at Texas A&M University has end-user license agreements which inform faculty, staff, and students of their responsibilities as end users regarding authorized use of the software. This procedure is intended to inform University computer users of the requirements for authorized software on Texas A&M University information resources. Non-compliance with copyright laws regarding software is subject to significant civil and criminal penalties imposed by federal and state laws. These penalties are applicable to the University and/or an individual. Violation of this Control is subject to University disciplinary action as well.