Editing Configuration management (section)

==Software==
{{main|Software configuration management}}
The software configuration management (SCM) process is looked upon by practitioners as the best solution to handling changes in software projects. It identifies the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

The SCM process further defines the need to trace changes, and the ability to verify that the final delivered software has all of the planned enhancements that are supposed to be included in the release. It identifies four procedures that must be defined for each software project to ensure that a sound SCM process is implemented. They are:
# Configuration identification
# Configuration control
# Configuration status accounting
# Configuration audits

These terms and definitions change from standard to standard, but are essentially the same.
* Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.
* Configuration change control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them.
* Configuration status accounting is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time.
* Configuration audits are broken into functional and [[physical configuration audit]]s. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation.

===Configuration management database===
{{no sources section|date=July 2024}}
[[ITIL]] specifies the use of a configuration management system (CMS) or [[configuration management database]] (CMDB) as a means of achieving industry best practices for Configuration Management. CMDBs are used to track Configuration Items (CIs) and the dependencies between them, where CIs represent the things in an enterprise that are worth tracking and managing, such as but not limited to computers, software, software licenses, racks, network devices, storage, and even the components within such items. CMS helps manage a [[Federated database system|federated]] collection of CMDBs.

The benefits of a CMS/CMDB includes being able to perform functions like root cause analysis, impact analysis, change management, and current state assessment for future state strategy development. 

''Configuration Management'' (CM) is an ITIL-specific ITSM process that tracks all of the individual CIs in an [[information system|IT system]] which may be as simple as a single server, or as complex as the entire IT department. In large organizations a configuration manager may be appointed to oversee and manage the CM process. In ITIL version 3, this process has been renamed as ''Service Asset and Configuration Management''.

===Information assurance===
For [[information assurance]], CM can be defined as the management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system.<ref>[[National Information Systems Security Glossary]]</ref>{{Better source needed|date=August 2021|reason=Wikipedia is not a [[WP:RS|reliable source]]}} CM for information assurance, sometimes referred to as ''secure configuration management'' (SCM), relies upon performance, functional, and physical attributes of IT platforms and products and their environments to determine the appropriate security features and assurances that are used to measure a system configuration state. For example, configuration requirements may be different for a [[network firewall]] that functions as part of an organization's Internet boundary versus one that functions as an internal local network firewall.