GRM-01: Baseline Requirements

CSF v1.1 References:

PF v1.0 References:

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: A&A-04: Requirements Compliance, CCC-07: Detection of Baseline Deviation, GRC-04: Policy Exception Process.

Control Statement

Baseline security requirements shall be established for developed or acquired, organizationally-owned or managed, physical or virtual, applications and infrastructure system and network components that comply with applicable legal, statutory, and regulatory compliance obligations. Deviations from standard baseline configurations must be authorized following change management policies and procedures prior to deployment, provisioning, or use. Compliance with security baseline requirements must be reassessed at least annually unless an alternate frequency has been established and authorized based on business needs.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.