
Baseline (Security Baseline)

Reviewed by: Cenedril Editorial

A baseline (security baseline) is a defined minimum security standard for the configuration of systems, applications, or networks. It specifies which settings a system must have before it may go into production.

ISO 27001 Annex A control A.8.9 (Configuration Management) requires that configurations are documented and monitored — the baseline serves as the reference document. Recognized sources for baselines include CIS Benchmarks, DISA STIGs, and BSI recommendations in IT-Grundschutz. A baseline typically covers password policies, enabled/disabled services, firewall rules, logging settings, and patch levels. Compliance scanners automatically check whether systems conform to the baseline and report deviations.
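
The check a compliance scanner performs can be sketched as follows. This is an added example, not code from a specific scanner or benchmark; the setting names, thresholds, and host data are hypothetical and constructed for illustration.

```python
import operator

# Constructed example baseline; setting names and thresholds are hypothetical.
# Each rule: (setting, comparison, required value).
BASELINE = [
    ("password.min_length", ">=", 12),            # password policy
    ("service.telnet.enabled", "==", False),      # enabled/disabled services
    ("firewall.default_inbound", "==", "deny"),   # firewall rules
    ("logging.audit_enabled", "==", True),        # logging settings
    ("patch.days_since_update", "<=", 30),        # patch level
]

OPS = {"==": operator.eq, ">=": operator.ge, "<=": operator.le}


def check_baseline(config, baseline=BASELINE):
    """Compare a system's settings to the baseline and return the deviations."""
    deviations = []
    for setting, op, required in baseline:
        if setting not in config:
            # A setting that was not collected cannot be shown to conform.
            status, actual = "missing", None
        else:
            actual = config[setting]
            if type(actual) is not type(required):
                # e.g. "45" (string) where a number is required; never coerce silently.
                status = "wrong_type"
            elif OPS[op](actual, required):
                continue  # conforms to the baseline
            else:
                status = "fail"
        deviations.append({"setting": setting, "status": status,
                           "required": f"{op} {required!r}", "actual": actual})
    return deviations


# Constructed sample: settings as collected from one host.
SAMPLE_HOST = {
    "password.min_length": 8,
    "service.telnet.enabled": False,
    "firewall.default_inbound": "deny",
    "patch.days_since_update": "45",
}

if __name__ == "__main__":
    for d in check_baseline(SAMPLE_HOST):
        print(f"{d['status']:<10} {d['setting']}: required {d['required']}, actual {d['actual']!r}")
```

Missing and wrongly typed settings are reported as deviations instead of being skipped, so an incomplete inventory cannot pass as conforming.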