Chapter 3

Establishment of the Security Control Baseline

The security control baseline is established by determining specific controls required to protect the system based on the security categorization of the system. The baseline is tailored and supplemented in accordance with an organizational assessment of risk and local parameters. The security control baseline, as well as the plan for monitoring it, is documented in the security plan.
Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010

Topics

  • Minimum Security Baselines and Best Practices
  • Assessing Risk
  • System Security Plans
  • NIST Guidance on Security Controls Selection

Objectives

As a Certified Authorization Professional (CAP®), you are expected to ...

Get Official (ISC)2® Guide to the CAP® CBK®, 2nd Edition now with the O’Reilly learning platform.