How does an organization verify that an information system’s current hardware and software match
the standard system configuration?
A.
By reviewing the configuration after the system goes into production
B.
By running vulnerability scanning tools on all devices in the environment
C.
By comparing the actual configuration of the system against the baseline
D.
By verifying all the approved security patches are implemented