
CM-2 Baseline Configuration

PBMM (P1)
Secret (P1)
Operational

Control Description

(A) The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system.

Supplemental Guidance

This control establishes baseline configurations for information systems and system components including communications and connectivity-related aspects of systems. Baseline configurations are documented, formally reviewed and agreed-upon sets of specifications for information systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, and/or changes to information systems.

Baseline configurations include information about information system components (e.g., standard software packages installed on workstations, notebook computers, servers, network components, or mobile devices; current version numbers and patch information on operating systems and applications; and configuration settings/parameters), network topology, and the logical placement of those components within the system architecture. Maintaining baseline configurations requires creating new baselines as organizational information systems change over time. Baseline configurations of information systems reflect the current enterprise architecture.

Related controls: CM-3, CM-6, CM-8, CM-9, SA-10.

Tailoring Guidance

A baseline configuration should include all current patches for the operating system and installed applications. The baseline should also deactivate all unused ports, services and software, and use a hardened configuration (e.g., guest accounts deactivated, access control applied to all system files and directories, default passwords changed).
