When to use this
Use this checklist to compare systems against approved configuration baselines and record compliance gaps.
Related controls
Checklist
- Applicable baseline identified.
- System owner confirmed.
- Current configuration collected.
- Configuration compared against baseline.
- Deviations identified.
- Existing exceptions checked.
- New exceptions risk-assessed.
- Corrective actions assigned.
- Review evidence retained.
Findings table
| System | Baseline | Deviation | Exception exists? | Risk/action | Owner | Due date |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | Yes/No | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Configuration management
Note Metadata
Aliases: Configuration Review Checklist
Source: 90 Templates/Configuration Compliance Review Checklist.md
Related Notes
- A.8.9 Audit Evidence Pack
- ISO 27001 A.8.9 - Configuration Management
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.9 Audit Checklist
- Configuration Baseline Register
- Templates MOC