{"id":1119,"date":"2024-07-16T21:41:26","date_gmt":"2024-07-16T21:41:26","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1119"},"modified":"2024-09-06T21:22:54","modified_gmt":"2024-09-06T21:22:54","slug":"cm-2-baseline-configuration","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/configuration-management-cm\/cm-2-baseline-configuration\/","title":{"rendered":"CM-2: Baseline Configuration"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CM-2: Baseline Configuration<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>06\/26\/2024&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The information resource owner, or designee shall develop, document, and maintain a current baseline configuration for information resources.&nbsp;<\/li>\n\n\n\n<li>Each type of platform or device can have its own baseline security configuration and maintenance protocols.&nbsp; Custodians of information resources shall seek and implement recommended configurations (based on manufacturer recommendations or industry best practices) for securing the system platforms under their control.&nbsp;<\/li>\n\n\n\n<li>Baseline configurations must be reviewed and updated as appropriate when there are significant changes to information resources.&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Up-to-date security patches must be applied before an information resource is deployed.&nbsp;<\/li>\n\n\n\n<li>Information resource custodians shall ensure that vendor supplied security patches are routinely acquired, systematically tested prior to implementation where practical, and installed promptly.&nbsp;\n<ul class=\"wp-block-list\">\n<li>All security patches must be installed within 30 days of release.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Information resource custodians shall remove unnecessary software, system services, and drivers where feasible.&nbsp;<\/li>\n\n\n\n<li>Information resource custodians shall remove or disable nonessential software, system services, ports, and protocols, where feasible.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Information resource custodians shall enable recommended security features included in vendor-supplied systems including, but not limited to, firewalls, virus scanning and malicious code protections, and other file protections.&nbsp;<\/li>\n\n\n\n<li>Information resource custodians shall disable or change the password of default accounts before placing the resource on the network.&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p>None.&nbsp; See any applicable internal procedures.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CM-2: Baseline Configuration NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;06\/26\/2024&nbsp; References\/Additional Resources None.&nbsp; See any applicable internal procedures.&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1390,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1119","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 16, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 16, 2024 9:41 pm","modified":"Updated on September 6, 2024 9:22 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1119"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1119\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1390"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}