Definitions[]
A baseline configuration is
| “ | [a] set of specifications for a system, or CI (Configuration Item) within a system, that has been formally reviewed and agreed on at a point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.[1] | ” |
| “ | [a] documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.[2] | ” |
| “ | [a c]urrent inventory of all entity hardware, software, and firmware plus approved changes from the baseline.[3] | ” |
References[]
- ↑ NIST, Guide for Security Configuration Management of Information Systems 43 (NIST Special Publication 800-128, Initial Public Draft) (Mar. 2010) (full-text).
- ↑ NIST Special Publication 800-53, App. B, Glossary.
- ↑ Federal Information System Controls Audit Manual, at 559.