Skip to main content

A-091 - Configuration Data

Purpose

Define how systems and services are configured and operated within the lab.

Asset Type

Information

Description

System configurations, service settings, infrastructure definitions
Includes firewall rules, application configs, deployment parameters
Stored across servers and repositories

Criticality

High

Sensitivity

Sensitive

Exposure Level

Internal

Trust Zone

Hybrid

Dependencies

Infrastructure and platform assets
Configuration management tools (planned)

Relationships

Defines behavior of firewall, applications, and services
May include references to credentials or sensitive parameters

Security Position (Architecture Context)

Misconfiguration is a primary source of vulnerabilities
Directly impacts exposure, access control and service behavior
Often overlooked but critical in risk scenarios

Existing Protective Measures

Limited access to configuration files
Manual configuration control

Owner / Responsibility

Operations Role (Ops)

Notes

No centralized configuration management yet
Risk of inconsistency or drift across systems

Purpose
Asset Type
Description
Criticality
Sensitivity
Exposure Level
Trust Zone
Dependencies
Relationships
Security Position (Architecture Context)
Existing Protective Measures
Owner / Responsibility
Notes