Implement configuration changes to software (other than the operating system) to mitigate security risks associated with how the software operates.