a. This Departmental Regulation (DR) establishes the configuration management policy of the United States Department of Agriculture (USDA or “Department”) for meeting the applicable laws, regulations, and standards of the Federal Government.
b. This DR addresses guidance issued by the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the Federal Information Security Management Act of 2002 (FISMA); requiring federal agencies to include “policies and procedures that ensure compliance with minimally acceptable system configuration requirements, as determined by the agency” within its information security program, and Federal Information Processing Standards Publication (FIPS PUB) 200, Minimum Security Requirements for Federal Information and Information Systems.
c. It is the policy of USDA to comply with federal requirements to establish, implement, augment, and support configuration management to manage risk to USDA systems.