What it is
A Configuration describes how a system, tool, or service is set up.
A configuration defines a desired state. It specifies what settings, options, or conditions should exist, without describing step-by-step actions to achieve them.
Configurations answer the question:
“How should this be configured?”
Why configurations exist
Organizations use configurations to:
- Standardize system behavior
- Reduce risk and variability
- Enforce security and operational expectations
- Maintain consistency over time
- Detect and prevent unintended changes
Configurations are especially important in environments where systems change frequently or are managed by multiple people or services.
Common examples of configurations
- Identity and access settings
- Firewall or network rules
- System hardening settings
- Logging and retention settings
- Cloud resource configurations
- Application security settings
These configurations may be documented, enforced, monitored, or validated in different ways.
Configurations vs Policies
A policy defines rules or required outcomes.
A configuration defines how a system is set to support those outcomes.
Policies state what must be true.
Configurations state how systems are set.
Policies state what must be true.
Configurations state how systems are set.
A policy may require secure authentication.
A configuration specifies how authentication is configured.
Configurations vs Procedures
A procedure explains how to perform steps to achieve an outcome.
A configuration describes the state that should exist after those steps are completed.
Procedures may be used to implement or change configurations, but the configuration itself is not a procedure.
Configurations vs Tools
A tool performs functions or enforces settings.
A configuration defines what settings the tool should enforce.
Tools apply configurations.
Configurations guide tools.
Configurations vs Artifacts
Configurations are not artifacts by themselves.
Artifacts prove something happened or exists.
Configurations define how something should be set.
Evidence of a configuration—such as a screenshot, export, or report—is an artifact.
Configuration drift occurs when the actual state of a system changes from its intended configuration.
Drift may happen due to:
- Manual changes
- Automated updates
- Tool changes
- Service activity
- Human error
Detecting and managing drift is a core reason configurations are documented and monitored.
How configurations are represented in FutureFeed
In FutureFeed, configurations are treated as defined states that matter over time.
- Configuration definitions describe the intended state
- Artifacts provide proof of actual state
- Assessments evaluate whether configurations match expectations
Configuration artifacts may be reviewed repeatedly as systems evolve.
Common confusion
Configurations are sometimes described as policies, procedures, or artifacts. This is understandable, but imprecise.
In this documentation model:
- Policies define rules and outcomes
- Procedures describe steps
- Configurations define state
- Tools enforce or apply settings
- Artifacts prove what exists
- Assessments evaluate alignment
Keeping these concepts distinct helps organizations understand intent, implementation, and verification.