Reference: CMMC 2.11
Family: CM
Level Introduced: 2
Title: System Baselining
Practice:
Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
CMMC Clarification:
Build and configure systems from a known, secure, and approved configuration baseline. This includes:
• documenting the software and configuration settings of a system;
• placement within the network; and
• other specifications as required by the organization.
An effective cybersecurity program depends on system and component configuration and management.
Example
You are in charge of upgrading the computer operating systems of your office's 10 machines. You research how to setup and configure a machine with the least functionality and highest security. The setup must allow users to do their tasks. You document this configuration. Then, you apply it to the other nine machines. You understand the baseline configuration of every machine. This helps when you need to install new patches, software, or make changes.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (4)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.