CFG-02
Secure Baseline Configurations
Description
Mechanisms exist to develop, document and maintain secure baseline configurations for Technology Assets, Applications and/or Services (TAAS) that are consistent with industry-accepted system hardening standards.
Control Question
Does the organization develop, document and maintain secure baseline configurations for Technology Assets, Applications and/or Services (TAAS) that are consistent with industry-accepted system hardening standards?
Control Metadata
Domain:
Configuration Management
Validation Cadence:
Annual
Evidence Request List:
E-AST-12 E-AST-13 E-AST-14 E-AST-15 E-AST-16 E-AST-17 E-AST-18 E-AST-19 E-AST-20 E-AST-21
Framework Mappings
This control maps to the following compliance frameworks
MAS TRM
11.2.511.3.111.3.2