Configuration Assessment can be done of the IT assets to identify potential vulnerabilities and misconfigurations in systems and applications. This can be done on servers, network devices, cloud consoles and databases. Validation of configuration settings is done against industry benchmarks such as CIS hardening benchmarks, Vendor benchmarks, and industry standards like PCIDSS, HIPAA, NIST, etc.