Configuration baselines incorporate applicable requirements from the cybersecurity architecture (ARCHITECTURE-1f)
Context and Guidance: As part of the cybersecurity architecture, the organisation selects and documents requirements for the appropriate level of confidentiality, integrity, and availability of IT, OT, and information assets. These requirements may then be used to drive the development of cybersecurity controls to be applied to assets and systems (such as configuration baselines, network protections, software security). Configuration baseline hardening guidelines, such as the Center for Internet Security Benchmarks or the Department of Defense Security Technical Implementation Guides (STIGs), may provide a starting point for selecting configuration settings that achieve cybersecurity architecture requirements.
Related Practices • Dependency: Implementing this practice depends upon prior implementation of ARCHITECTURE-1f. • Input From: Implementing ARCHITECTURE-3f provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ASSET-3a, ASSET-3c, ASSET-3d.