When to use this
Use this register to record approved configuration baselines and map them to systems, platforms, services, and networks.
Related controls
- A.8.9 Configuration Management
- A.5.36 Compliance with Policies, Rules and Standards for Information Security
Register
| Baseline | Technology/scope | Source | Owner | Review frequency | Applied to | Last reviewed |
|---|---|---|---|---|---|---|
| TBD | Server/endpoint/network/cloud/app | Vendor/internal/external benchmark | TBD | Monthly/Quarterly | TBD | TBD |
Minimum checks
- Baseline owner assigned.
- Baseline source is identified.
- Local tailoring is documented.
- Systems are mapped to baselines.
- Review frequency is defined.
- Template
- Iso27001
- Technological controls
- Configuration management
Note Metadata
Aliases: Security Configuration Baseline Register
Source: 90 Templates/Configuration Baseline Register.md
Related Notes
- ISO 27001 A.5.36 - Compliance with Policies, Rules and Standards for Information Security
- A.8.9 Audit Evidence Pack
- ISO 27001 A.8.9 - Configuration Management
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.9 Audit Checklist
- Configuration Compliance Review Checklist
- Templates MOC