U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

baseline

Abbreviation(s) and Synonym(s):

control baseline

Definition(s):

  Hardware, software, databases, and relevant documentation for an information system at a given point in time.
Source(s):
NIST SP 800-161 under Baseline from CNSSI 4009
NISTIR 7622 under Baseline from CNSSI 4009-2010

  Hardware, software, and relevant documentation for an information system at a given point in time.
Source(s):
CNSSI 4009-2015

  See control baseline.
Source(s):
NIST SP 800-37 Rev. 2
NIST SP 800-53 Rev. 5

  The set of controls that are applicable to information or an information system to meet legal, regulatory, or policy requirements, as well as address protection needs for the purpose of managing risk.
Source(s):
NIST SP 800-37 Rev. 2 under control baseline

  Predefined sets of controls specifically assembled to address the protection needs of groups, organizations, or communities of interest. See privacy control baseline or security control baseline.
Source(s):
NIST SP 800-53 Rev. 5 under control baseline from NIST SP 800-53B

  The set of security and privacy controls defined for a low-impact, moderate-impact, or high-impact system or selected based on the privacy selection criteria that provide a starting point for the tailoring process.
Source(s):
NIST SP 800-53B under control baseline from FIPS 200 - Adapted

  Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item's life cycle. Note: The engineering process generates many artifacts that are maintained as a baseline over the course of the engineering effort and after its completion. The configuration control processes of the engineering effort manage baselined artifacts. Examples include stakeholder requirements baseline, system requirements baseline, architecture/design baseline, and configuration baseline.
Source(s):
NIST SP 800-160 Vol. 1 from IEEE 828

  Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item's life cycle. Note: The engineering process generates many artifacts that are maintained as a baseline over the course of the engineering effort and after its completion. The configuration control processes of the engineering effort manage baselined artifacts. Examples include stakeholder requirements baseline, system requirements baseline, architecture/design baseline, and configuration baseline.
Source(s):
NIST SP 800-160 Vol. 1 from IEEE 828