Environment Management


The organization’s work on application security doesn’t end once the application becomes operational. New security features and patches are regularly released for the various elements of the technology stack you’re using, until they become obsolete or are no longer supported.

Most of the technologies in any application stack are not secure by default. This is frequently intentional, to enhance backwards compatibility or ease of setup. For this reason, ensuring the secure operation of the organization’s technology stack requires the consistent application of secure baseline configurations to all components. The Environment Management (EM) practice focuses on keeping your environment clean and secure.

Vulnerabilities are discovered throughout the lifecycles of the technologies on which your organization relies, and new versions addressing them are released on various schedules. This makes it essential to monitor vulnerability reports and perform orderly, timely patching across all affected systems.

The practice has two streams, Stream A (Configuration Hardening) and Stream B (Patching and Updating), each with three maturity levels:

Maturity level 1: Best-effort patching and hardening
  Stream A, Configuration Hardening: Perform best-effort hardening of configurations, based on readily available information.
  Stream B, Patching and Updating: Perform best-effort patching of system and application components.

Maturity level 2: Formal process with baselines in place
  Stream A, Configuration Hardening: Perform consistent hardening of configurations, following established baselines and guidance.
  Stream B, Patching and Updating: Perform regular patching of system and application components, across the full stack. Ensure timely delivery of patches to customers.

Maturity level 3: Conformity with continuously improving process enforced
  Stream A, Configuration Hardening: Actively monitor configurations for non-conformance to baselines, and handle detected occurrences as security defects.
  Stream B, Patching and Updating: Actively monitor update status and manage missing patches as security defects. Proactively obtain vulnerability and update information for components.
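As an added example that is not part of the SAMM page, the level 3 activities of both streams as a small script: a baseline conformance check over a constructed sshd_config sample (Stream A) and a missing-patch check over a constructed package inventory (Stream B), with every non-conformance emitted as a security defect record rather than a log line. The baseline settings, the sample configuration, and the package names and versions are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Defect:
    host: str
    kind: str       # "config" (Stream A) or "patch" (Stream B)
    item: str
    expected: str
    observed: str

# Constructed hardening baseline: settings an sshd_config must carry.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no",
            "X11Forwarding": "no", "MaxAuthTries": "3"}

# Constructed sample of one host's running configuration and package inventory.
SAMPLE_SSHD_CONFIG = """# sshd_config observed on web-01 (constructed sample)
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
"""
INSTALLED = {"openssh": "9.6.0", "openssl": "3.0.13"}
AVAILABLE = {"openssh": "9.8.0", "openssl": "3.0.13"}  # latest released versions

def parse_config(text: str) -> dict[str, str]:
    """Parse 'Key value' lines, skipping blanks and comments; last value wins."""
    settings: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            settings[key] = value.strip()
    return settings

def version_tuple(version: str) -> tuple[int, ...]:
    return tuple(int(part) for part in version.split("."))

def config_defects(host: str, observed: dict[str, str], baseline=BASELINE) -> list[Defect]:
    """Any baseline key that is unset or differs from the baseline is a defect."""
    return [Defect(host, "config", key, want, observed.get(key, "<unset>"))
            for key, want in baseline.items() if observed.get(key) != want]

def patch_defects(host: str, installed: dict[str, str], available: dict[str, str]) -> list[Defect]:
    """A component whose installed version lags the latest available is a defect."""
    return [Defect(host, "patch", pkg, latest, installed[pkg])
            for pkg, latest in available.items()
            if pkg in installed and version_tuple(installed[pkg]) < version_tuple(latest)]

def scan(host: str = "web-01") -> list[Defect]:
    observed = parse_config(SAMPLE_SSHD_CONFIG)
    return config_defects(host, observed) + patch_defects(host, INSTALLED, AVAILABLE)
```

Each Defect is meant to be filed in the same tracker as other security defects, which is what distinguishes level 3 from merely logging drift.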