Configuration management (CM) is a field of management that focuses on establishing and maintaining consistency of a product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life. For information assurance, CM can be defined as the management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system.

History

Configuration management was first developed by the United States Department of Defense in the 1950s as a technical management discipline. The concepts have been widely adopted by numerous technical management models, including systems engineering, integrated logistics support, Capability Maturity Model Integration (CMMI), ISO 9000, Prince2 project management methodology, COBIT, Information Technology Infrastructure Library (ITIL), product lifecycle management, and application lifecycle management. Many of these models have redefined configuration management from its traditional holistic approach to technical management. Some treat configuration management as being similar to a librarian activity, and break out change control and change management as separate areas of discipline (as Prince 2); some break out the traditional elements of revision control and engineering release into separate management disciplines; others treat CM as an overarching management discipline.

Traditional configuration management

Traditional SCM process is looked upon as the best fit solution to handling changes in software projects. Traditional SCM process identifies the functional and physical attributes of a software at various points in time and performs systematic control of changes to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

The SCM process further defines the need to trace the changes and the ability to verify that the final delivered software has all the planned enhancements that are supposed to be part of the release.

The traditional SCM identifies four procedures that must be defined for each software project to ensure a good SCM process is implemented. They are

1. Configuration Identification
2. Configuration Control
3. Configuration Status Accounting
4. Configuration Authentication

These terms and definitions change from standard to standard, but are essentially the same.

• Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.