What is Configuration Management?
Configuration Management is the process by which the technical settings, versions and dependencies of systems and components are recorded, managed and controlled throughout their entire lifecycle.
The aim is to ensure visibility, control and reproducibility within complex IT and OT environments.
🧠 Why Configuration Management?
| Benefit | Explanation |
|---|---|
| Visibility into configurations | Who is running what, where, with which settings? |
| Reproducibility | Identical configurations during recovery, migration or testing |
| Change control | Together with Change Management: preventing uncontrolled modifications |
| Security | Detection of unauthorised configuration changes |
| Audit support | Essential for compliance (such as BIO, IEC 62443, ISO 27001) |
🧱 What is part of a configuration?
A “configuration item” (CI) may include:
- Hardware components (e.g. PLC, router, server)
- Software versions and firmware
- Settings, parameters, policies
- Network configurations (VLANs, firewalls, IP ranges)
- Location and ownership
- Dependencies between systems
Each CI has a unique identity and a recorded status.
🏭 Configuration Management in OT
In Operational Technology (OT), Configuration Management is particularly important because:
- Many devices run on embedded firmware without automatic logging
- Changes (such as a new PLC config) can have a major impact
- OT assets often last decades and are poorly documented
- Recovery from failures is often manual and error-prone
| OT element | Configuration aspect |
|---|---|
| SCADA system | IP addresses, logging parameters, user roles |
| PLC program | Version control of ladder logic or function block diagrams |
| Network switches | QoS settings, VLAN config, redundancy mode |
| Remote IO modules | Signal mapping, sample rate, diagnostic options |
🛠 Tools and techniques
| Tool / method | Use |
|---|---|
| CMDB (Configuration Management Database) | Central registration of all configuration items |
| Version control (Git) | For software configurations, PLC programs and scripts |
| Automated baseline checks | Detection of drift from an “approved” configuration |
| Snapshots and backups | Periodic storage of current configurations |
| Policies and procedures | For lifecycle, change and incident management |
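The "automated baseline checks" row above, as an added example that is not part of the original page: a small Python drift check that compares a current snapshot against an approved baseline per CI. The CI identifiers, setting names and values are constructed for illustration.

```python
import hashlib
import json

# Constructed sample data: CI ids, setting names and values are made up for illustration.
BASELINE = {
    "sw-01": {"vlans": [10, 20], "redundancy_mode": "rstp", "qos": {"profile": "ot-default"}},
    "plc-07": {"firmware": "2.4.1", "program_version": "r118"},
    "rio-03": {"sample_rate_ms": 100},
}
SNAPSHOT = {
    "sw-01": {"vlans": [10, 20, 99], "redundancy_mode": "rstp", "qos": {"profile": "ot-default"}},
    "plc-07": {"program_version": "r118", "firmware": "2.4.1"},
    "hmi-02": {"firmware": "1.0.0"},
}

def fingerprint(settings):
    """Stable SHA-256 over a CI's settings; key order does not affect the result."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def flatten(settings, prefix=""):
    """Turn nested settings into {"a.b": value} so drift is reported per parameter."""
    flat = {}
    for key, value in settings.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict) and value:
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def detect_drift(baseline, snapshot):
    """Return (ci_id, kind, parameter, approved, current) tuples for every deviation."""
    findings = []
    for ci_id in sorted(set(baseline) | set(snapshot)):
        if ci_id not in snapshot:        # approved CI that was not seen in the field
            findings.append((ci_id, "missing", None, None, None))
        elif ci_id not in baseline:      # device present but never registered as a CI
            findings.append((ci_id, "unregistered", None, None, None))
        elif fingerprint(baseline[ci_id]) != fingerprint(snapshot[ci_id]):
            old, new = flatten(baseline[ci_id]), flatten(snapshot[ci_id])
            for path in sorted(set(old) | set(new)):
                if old.get(path) != new.get(path):
                    findings.append((ci_id, "changed", path, old.get(path), new.get(path)))
    return findings

if __name__ == "__main__":
    for finding in detect_drift(BASELINE, SNAPSHOT):
        print(finding)
```

Each finding is a candidate for a change-management lookup: a deviation with no matching approved change is an unauthorised modification.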
🔐 Link with security
Configuration Management supports security by:
- Making anomalies (misconfigurations) visible
- Contributing to Security by Design
- Being essential for detecting zero-days and vulnerable settings
- Being required by standards such as IEC 62443 and BIO
📌 In summary
Configuration Management gives you control over the technology. Without proper configuration management, reliable service delivery, security or recovery from failures is barely possible — particularly in OT environments.
