Document a security configuration baseline for the system based on current best practices from vendors and desired functionality. The baseline must be updated at least annually. Use this baseline for all new and recovered systems.
Specification
Baselines are defined, approved by senior management and communicated to IT Staf.
Implemented baselines are audited and deviations are reported (and approved)
ISO 27001 & 27002:2022
A5.8,
A5.36,
A5.37
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.01 Security Baselines