Security Baseline
What is Security Baseline?
Security Baseline: A documented, minimum-acceptable security configuration that all systems of a given type must meet before being placed into production.
A security baseline specifies the settings, controls, and policies required for a system class — Windows endpoint, Linux server, AWS account, Kubernetes cluster, mobile device — typically derived from CIS Benchmarks, DISA STIGs, vendor guidance, and internal risk requirements. Baselines cover authentication, logging, encryption, services, ports, and account hygiene, and they form the contract checked by configuration management, audits, and CSPM tooling. Compliance against a baseline is continuously verified; deviations require risk acceptance or remediation. Effective baselines reduce variability, shrink the attack surface, and enable scalable security operations.
● Examples
- 01 A Windows 11 corporate baseline aligned with the CIS Level 1 Benchmark.
- 02 A baseline for AWS accounts requiring CloudTrail, GuardDuty, MFA on the root user, and SCP guardrails.
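
Added example, not part of the original entry: a Python check of the AWS account baseline above against constructed account states, where a deviation is either covered by a time-boxed risk acceptance or flagged for remediation. The setting names, account names and dates are assumptions made for illustration, not AWS API fields.

```python
from dataclasses import dataclass
from datetime import date

# Baseline for the "AWS account" class; key names are hypothetical, not AWS API fields.
AWS_ACCOUNT_BASELINE = {
    "cloudtrail_enabled": True,
    "guardduty_enabled": True,
    "root_mfa_enabled": True,
    "scp_guardrails_attached": True,
}

@dataclass(frozen=True)
class RiskAcceptance:
    account: str
    control: str
    expires: date  # acceptances are time-boxed; expired ones no longer apply

def evaluate(account, observed, acceptances, today):
    """Return {control: status} with status in compliant / accepted / remediate."""
    result = {}
    for control, required in AWS_ACCOUNT_BASELINE.items():
        # A missing setting is treated as a deviation, never as a pass.
        if observed.get(control) == required:
            result[control] = "compliant"
            continue
        waived = any(a.account == account and a.control == control
                     and a.expires >= today for a in acceptances)
        result[control] = "accepted" if waived else "remediate"
    return result

def production_ready(result):
    """An account may enter production only with no open 'remediate' items."""
    return "remediate" not in result.values()

# Constructed sample data (not from a real environment).
TODAY = date(2024, 6, 1)
ACCEPTANCES = [
    RiskAcceptance("sandbox-01", "guardduty_enabled", date(2024, 9, 30)),
    RiskAcceptance("legacy-02", "root_mfa_enabled", date(2024, 3, 31)),  # expired
]
OBSERVED = {
    "sandbox-01": {"cloudtrail_enabled": True, "guardduty_enabled": False,
                   "root_mfa_enabled": True, "scp_guardrails_attached": True},
    "legacy-02": {"cloudtrail_enabled": True, "guardduty_enabled": True,
                  "root_mfa_enabled": False},  # SCP setting not reported
}
if __name__ == "__main__":
    for name, state in OBSERVED.items():
        print(name, evaluate(name, state, ACCEPTANCES, TODAY))
```

The expired acceptance and the unreported SCP setting both come back as `remediate`, so an acceptance that has lapsed or a collector that reports nothing cannot silently pass the baseline.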
● Frequently asked questions
What is Security Baseline?
A documented, minimum-acceptable security configuration that all systems of a given type must meet before being placed into production. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against Security Baseline?
Defences for Security Baseline typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Security Baseline?
Common alternative names include: Security configuration baseline, Hardening baseline.