Chapter 3

Establishment of the Security Control Baseline

The security control baseline is established by determining specific controls required to protect the system based on the security categorization of the system. The baseline is tailored and supplemented in accordance with an organizational assessment of risk and local parameters. The security control baseline, as well as the plan for monitoring it, is documented in the security plan.
Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010


  • Minimum Security Baselines and Best Practices
  • Assessing Risk
  • System Security Plans
  • NIST Guidance on Security Controls Selection


As a Certified Authorization Professional (CAP®), you are expected to ...

Get Official (ISC)2 Guide to the CAP CBK, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.