CONFIGURATION COMPLIANCE CHALLENGES: IDENTIFYING GAPS IN STANDARD BENCHMARKS AND ADDRESSING DEVIATIONS FROM ESTABLISHED GUIDELINES
Keywords:
Configuration Compliance, Adaptive Compliance Framework, Security Resilience, Regulatory Compliance, Compliance Automation
Abstract
Ensuring configuration compliance is fundamental for maintaining a secure and resilient IT infrastructure. Despite adopting various industry benchmarks and regulatory standards, many organizations struggle to meet configuration compliance requirements fully, particularly in dynamic, hybrid IT environments. This paper identifies critical gaps within existing configuration benchmarks, explores causes of deviations, and introduces a novel Adaptive Compliance Framework (ACF) to enhance compliance practices. The ACF emphasizes customized, risk-based solutions and continuous, automated monitoring strategies to bridge compliance gaps. This research aims to contribute to more robust and adaptive compliance practices, ultimately reducing configuration drift and enhancing security resilience in a constantly evolving threat landscape.
License
Copyright (c) 2022 Santosh Kumar Kande, Hari Krishna Reddy Swarna (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.