The application configuration list defines a list of service or application configurations with change history information The purpose is to allow the DevOps/IT team to manage the secure configuration and monitor any unauthorized changes. The configuration list may cover the OS, virtualization, web services, databases, and frameworks that are specific to the target services. These configurations are often done through Infrastructure as Code, such as Puppet or Chef. Infrastructure as Code makes secure configuration happen even in the implementation phase and allows for easier collaboration between the development and operation teams.