Hardware, software, and relevant documentation for an information system at a given point in time.
Sources:
CNSSI 4009-2015
See control baseline.
Sources:
NIST SP 800-37 Rev. 2
NIST SP 800-53 Rev. 5
NIST SP 800-53A Rev. 5
The set of controls that are applicable to information or an information system to meet legal, regulatory, or policy requirements, as well as address protection needs for the purpose of managing risk.
Sources:
NIST SP 800-37 Rev. 2
under control baseline
Predefined sets of controls specifically assembled to address the protection needs of groups, organizations, or communities of interest. See privacy control baseline or security control baseline.
Sources:
NIST SP 800-53 Rev. 5
under control baseline
from
NIST SP 800-53B
NIST SP 800-53A Rev. 5
under control baseline
from
NIST SP 800-53B
The set of security and privacy controls defined for a low-impact, moderate-impact, or high-impact system or selected based on the privacy selection criteria that provide a starting point for the tailoring process.
Sources:
NIST SP 800-53B
under control baseline
from
FIPS 200 - Adapted
Hardware, software, databases, and relevant documentation for an information system at a given point in time.
Sources:
NIST SP 800-161r1-upd1
[11/1/2024 errata update]
from
CNSSI 4009-2015
Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item’s life cycle.
Sources:
NIST SP 800-160v1r1
from
IEEE Std. 828-2012
Hardware, software, databases, and relevant documentation for an information system at a given point in time.
Sources:
NISTIR 7622
under Baseline