Configuration baselines are established, at least in an ad hoc manner
Context and Guidance: Establishing a baseline for OT, IT, and information assets provides a foundation for managing the integrity of assets as they change over their lifecycle. Establishing point-in-time captures of assets (configuration items) ensures that these assets can be restored to an acceptable form when necessary—after a disruption, when an unauthorised modification has occurred, or under any circumstances where integrity is suspect and provides a level of control over changes that can potentially disrupt the assets’ support of organisational services. Organisations may consider integrity checking mechanisms (manual or automatic) when performing point-in-time captures of assets and asset configurations. Using integrity checking mechanisms to verify point-in-time captures prior to restoration can help ensure they are viable and available. Documented policies and procedures for the configuration or maintenance of baselines are not required to implement this practice.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ASSET-3a, ASSET-3c, ASSET-3d.