II.C.10(c) Standard Builds
Consistency in system configuration makes security easier to implement and maintain. The institution should use standard builds, which allow one documented configuration to be applied to multiple computers in a controlled manner. Some institutions, depending on their size and complexity, may have many standard builds for the different system configurations needed to address various business functions. Through standard builds, an institution simplifies the following activities:
- Creating hardware and software inventories.
- Updating and patching systems.
- Restoring systems in the event of a disaster or outage.
- Investigating anomalous activity.
- Auditing configurations for conformance with the approved configuration.
The institution may not be able to meet all of its requirements from its standard builds. The use of nonstandard builds should be documented and approved by management, with appropriate changes made to patch management and disaster recovery plans.
II.C.10(d) Patch Management