Description
The organization develops, documents, and maintains a current baseline configuration of the information system.\n
Supplemental Guidance
This control establishes a baseline configuration for the information system. The baseline configuration provides information about a particular component’s makeup (e.g., the standard software load for a workstation or notebook computer including updated patch information) and the component’s logical placement within the information system architecture. The baseline configuration also provides the organization with a well-defined and documented specification to which the information system is built and deviations, if required, are documented in support of mission needs/objectives. The baseline configuration of the information system is consistent with the Federal Enterprise Architecture. Related security controls: CM-6, CM-8.\n
Changes from Rev 4
Adds requirement to update baseline configuration document at organizationally-defined frequencies and for organizationally-defined circumstances (in addition to when changes are made) Incorporates withdrawn control CM-2(1)
Enhancements
\n