Configuration Management Policy and Procedures | CM-1

Configuration Management Policy

MCC recognizes that configuration management policies and procedures are vital to reducing information security risks.

Purpose

The Configuration Management Policy and associated controls describe the requirements for managing risks associated with configuring new information systems, controlling changes to information systems, configuration, and security settings. Requirements are also defined for reducing information security risk by implementing least functionality, an information system inventory, and software use restrictions.

Scope and Roles

This policy applies to information resources owned or managed by MCC. The intended audience includes Information Resource Owners and Custodians.

Compliance

Configuration Management controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76.

Implementation

The Cybersecurity Manager or their designee is responsible for ensuring that this policy and supporting procedures are periodically reviewed and updated.

Last updated: 5/13/2026

Contact Hours or Questions?

Information on Tech Support