SB.16.001 Baseline configuration
Document a security configuration baseline for the system based on current best practices from vendors and desired functionality. The baseline must be updated at least annually. Use this baseline for all new and recovered systems.
Baselines are defined, approved by senior management and communicated to IT Staf
Implemented baselins are audited and deviations are reported (and approved)