Statement

West Texas A&M University must develop, document, and maintain a current baseline configuration of its information systems. Baseline configurations must be updated when new configurations are needed.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

• Information system owners, or their designee must develop, document, and maintain a current baseline configuration.  Each configuration baseline must go through a security risk assessment, and vulnerability scan.
• Baselines should be developed for each platform and OS.
• Baseline configurations shall be reviewed and updated upon the following conditions:
  • During an annual review
  • Upon major software upgrades such as OS version changes or upgrade of primary application.
  • When system components are installed or upgraded.