Establishment of the Security Control Baseline
The security control baseline is established by determining specific controls required to protect the system based on the security categorization of the system. The baseline is tailored and supplemented in accordance with an organizational assessment of risk and local parameters. The security control baseline, as well as the plan for monitoring it, is documented in the security plan.
Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010
- Minimum Security Baselines and Best Practices
- Assessing Risk
- System Security Plans
- NIST Guidance on Security Controls Selection
As a Certified Authorization Professional (CAP®), you are expected to ...