DEPARTMENTAL MANUAL

Number:

3520-000

SUBJECT:

Configuration Management

DATE:

July 15, 2004

OPI:

OCIO, Cyber Security

CHAPTER 4

GENERAL INFORMATION

1 PURPOSE

The purpose of this chapter is to define Configuration Management (CM) and describe its constituent functions, processes, and procedures. The chapter is presented in a two-part structure. Part one is devoted to CM policy and responsibilities. It provides the high-level statements of CM policy, identifies the CM standards to be adopted and followed, and also describes responsibilities for operation of CM within USDA. The establishment of this policy is intended to demonstrate USDA’s commitment to implement a quality CM system to control changes to system environments as required by regulation and defined by Carnegie Mellon’s Software Engineering Institute (SEI) Integrated – Systems Engineering/Software Capability Maturity Model (CMMI–SE/SW).

The following regulations, directives and standards mandate this policy: Office of Management and Budget Circular A-130, Appendix III, November 30, 2000; National Institute of Standards and Technology (NIST) Special Publications 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems & 800-12, An Introduction to Computer Security: The NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/; DR 3130-001, Acquisition of IRM Resources, http://www.usda.gov/ocio/directives/DR/DR3130-001.htm; DM-3200-001, http://www.usda.gov/ocio/directives/DM/DM3200-001.htm , and DM-3200-002, http://www.usda.gov/ocio/directives/DM/DM3200-002.htm;

Management: A Project Managers Guide to Applications Systems Life Cycle Management; Carnegie Mellon, Software Engineering Institute (SEI), System Engineering/Software Integrated Capability Maturity Model (CMMI-SE/SW) version 1.1,

http://www.sei.cmu.edu/cmmi/products/v1.1se-sw-cont.pdf; ANSI/EIA-649-1998 National Consensus Standard for CM and MIL Handbook-61. [Note: ANSI/EIA-649-1998 National Consensus Standard for CM, will require the purchase of a licensing agreement with the Government Electronics and Information Technology Association (GEIA). Mil-HDBK-61 is free and available for download from http://www.acq.osd.mil/io/se/cm&dm/pdf_files/MIL-HDBK-61A.pdf]

2 CANCELLATION

This Departmental Manual will be in effect until superseded.

3 SCOPE

This manual applies to all USDA agencies, programs, teams, organizations, appointees, employees, and other activities.

4 ABBREVIATIONS

ANSI/EIA - American National Standards Institute/Electronic

Industries Alliance

CC - Configuration Control

CCA - Change Control Authority

CCB - Configuration Control Board

CI - Configuration Item

CM - Configuration Management

CMA - CM Authority

CML - CM Librarian

CMMI - Capability Maturity Model Integrated

CMP - CM Plan

CMS - CM Specialist

COTS - Commercial Off the Shelf

CR - Change Request

CS - Cyber Security

CSA - Configuration Status Accounting

CVA - Configuration Verification and Audit

DAA - Designated Accrediting Authority

DM - Department Manual

DR - Department Regulation

FCA - Functional Configuration Audit

GEIA - Government/Electronic Industries Association

GSS - General Support System

HWCI - Hardware Configuration Item

IPT - Integrated Product Team

IRM - Information Resources Management

ISSPM - Information System Security Program Manager

IT - Information Technology

KPA - Key Process Area

LAN - Local Area Network

MIL - Military

MSA - Major Software Application

NFC - National Finance Center

NIST - National Institute of Standards and Technology

NITC - National Information Technology Center

OCIO - Office of the Chief Information Officer

OMB - Office of Management & Budget

PCA - Physical Configuration Audit

POA&M - Program Of Action and Milestones

SBU - Sensitive But Unclassified

SCM - Software CM

SEI - Software Engineering Institute

SWCI - Software Configuration Item

TFM - Trusted Facilities Manual

USDA - United States Department of Agriculture