ABSTRACT
When a new system is implemented, a preliminary assessment called a security baseline needs to be performed. With new systems or systems that have never been assessed, the security posture is unknown. A baseline provides a starting point to measure changes in configurations and improvements to the system. From this baseline, periodic risk assessments will provide the current state and effectiveness of controls within that system for a given period of time.
