Throughout this guideline there will be recommendations made that are not included in the Trusted Computer System Evaluation Criteria (TCSEC) as requirements. Any recommendations that are not in the TCSEC will be prefaced by the word "should," whereas all requirements will be prefaced by the word "shall." It should be noted that a TCSEC rating will only be based upon meeting the TCSEC requirements. Recommendations are made in order to provide additional ways of increasing assurance. It is hoped that this will help to avoid any confusion. The guidelines described in this document provide a set of good practices related to configuration management in Automated Data.