800-53|CM-2

Title

BASELINE CONFIGURATION

Description

The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system.

Supplemental

This control establishes baseline configurations for information systems and system components including communications and connectivity-related aspects of systems. Baseline configurations are documented, formally reviewed and agreed-upon sets of specifications for information systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, and/or changes to information systems. Baseline configurations include information about information system components (e.g., standard software packages installed on workstations, notebook computers, servers, network components, or mobile devices; current version numbers and patch information on operating systems and applications; and configuration settings/parameters), network topology, and the logical placement of those components within the system architecture. Maintaining baseline configurations requires creating new baselines as organizational information systems change over time. Baseline configurations of information systems reflect the current enterprise architecture.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CM-3,CM-6,CM-8,CM-9,PM-5,PM-7,SA-10

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure Security Defaults is enabled on Microsoft Entra ID	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.1 Ensure mounting of UDF filesystems is disabled	Unix	CIS Bottlerocket L2
1.1.1.1 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.1 Ensure mounting of udf filesystems is disabled - modprobe	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.3 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.3 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.3 Ensure mounting of udf filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.3 Ensure mounting of udf filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.4 Ensure mounting of hfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.4 Ensure mounting of hfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.7 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.7 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2

Detections

Analytics