3.4.1 Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
- NIST SP 800-128 - Guide for Security-Focused Configuration Management of Information Systems
- MITRE – Systems Engineering Guide – Configuration Management Tools
- SANS Institute - Configuration Management in the Security World
Sample Policy & Procedures
- Department of Human Services Online Directives Information System - POL1903 Configuration Management Policy