# Configuration Management and Drift Control One-sentence definition: Maintain systems in a known-good state and detect deviations fast. ## Key Facts - Golden images; IaC for servers/network; version-controlled configs. - Policy-as-code enforces baseline; auto-remediate low-risk drift. - Change detection alerts → ticketing with approvals; evidence retained. - Separate dev/test/prod with promotion gates. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Choose drift detection to stop “config rot.” **Mnemonic:** “**Known good, stay good**.” ## Mini Scenario Q: SSH root login reappears—why caught? A: Drift tool flagged deviation; blocked by policy. ## Revision Checklist - IaC benefit. - Auto-remediation rule. - Promotion gates. ## Related [[Change Management and CAB]] · [[Secure Baseline Validation for Endpoints and Servers]] · [[Configuration Drift Detection and Continuous Compliance]] · [[Logging Strategy and SIEM Use Cases]] · [[Operational Metrics and KPIs (MTTD MTTR Coverage)]] · [[Domain 7 - Index]]