With technology constantly evolving and moving towards the next best update, the baseline is often overlooked as a pivotal piece of the upgrading procedure. Baselines can either be technical documentation that state how a specific information system is configured at a specific time or the information system itself, such as an image. Baselines help to maintain a standard within an environment so that all systems are launching from and being built by a central foundation.
This lessens variances throughout the network which, from a cybersecurity perspective, is necessary to minimize the potential attack service. It also lessens the overhead to maintain an environment, as each IS (information system) is not its own unique entry, but a slight variance from the baseline.
Troubleshooting time is also minimized for having a well-maintained baseline, as the baseline should be purpose-built for the environment and all configurations have been vetted to work without issue. This gives both system administrators and technical engineers the same starting point to research an issue, instead of burning hours on how the IS functions and what settings have been applied.
Fortunately, even the process of creating baselines have a baseline in which to follow. There are several to choose from, but the two most well known are the CIS (Center for Internet Security) benchmarks and the DoD STIGs (Security Technical Implementation Guides). The CIS benchmarks are more for the private sector, whereas the DoD STIGs are strictly for use within the US Government; however, the DoD has recently made non-CUI STIG baselines for the general public, which can be found at the public DoD Cyber Exchange website.
The baselines supplied by either entity are broken down by several different categories, such as operating system, software, network technology, and even specific devices, such as mobile and printers. With these baselines, one can apply these guidelines to a base image that can then be deployed, which sets the foundation for the environment to be built upon.
By Nicholas Mauer, Cyber Security Engineer, AFSOC C2MS References: