Managing Configuration Items › Configuration Audit and Control Facility (CACF)
Configuration Audit and Control Facility (CACF)
Configuration Audit and Control Facility (CACF) unifies three disciplines, Change Management, Configuration Management (CMDB), and Discovery Management to verify that changes are executed accurately and no unauthorized changes occur.
Change verification helps ensure that the CMDB reflects any changes accurately, and the Discovery Management tools verify the changes.
Change verification provides the following benefits:
- Change Management
-
- Assurance that authorized changes execute correctly
- Detection of incorrectly executed changes
- Detection of unauthorized changes
- Management reporting
- Full auditing of all changes down the attribute level
- Detection of overlapping or conflicting changes
- Configuration Management
-
- CMDB contains an accurate and current representation of all managed CIs
- Ability to view the future state of the CI with the proposed change specifications
- Full auditing of CIs
CACF has two major sections, the CMDB administrative interface and the change management interface that the following sections cover in more detail.
More information:
CACF Administration and Policy Definition
Managed Attributes
Managed Change States
Change Specifications
How Change Verification Occurs
How to Archive and Purge Audit Data
Implement a Change Verification Strategy
Planning and Implementing Change Verification
Change Verification Best Practices
Verify a CI Attribute Value Update Manually
Example: Allow Rogue Updates Only From a Specific Location
Example: Upgrade Laptops in Your Organization
Example: Lock Down Nonverified Change Orders
Example: Allow a CI Update If No Matching Change Order Exists
Example: Defer All Updates from CA Configuration Automation to the TWA
Example: Only Log the Policy Results as a Test
Example: Reject a CI Update
Example: Allow Change Orders Created Without Specifications
Example: Do Not Allow Change Orders Created Without Specifications
Example: Allow Rogue Inserts from Selected Sources
Example: Allow a Rogue Update for a Nonproduction CI