CM-2 Baseline Configuration
Initial Implementation: 10/1/2022
Last Review: 10/10/2025
Last Review: 10/10/2025
Statement
West Texas A&M University must develop, document, and maintain a current baseline configuration of its information systems. Baseline configurations must be updated when new configurations are needed.
Applicability
This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.
Implementation
- Information system owners, or their designee must develop, document, and maintain a current baseline configuration. Each configuration baseline must go through a security risk assessment, and vulnerability scan.
- Baselines should be developed for each platform and OS.
- Baseline configurations shall be reviewed and updated upon the following conditions:
- During an annual review
- Upon major software upgrades such as OS version changes or upgrade of primary application.
- When system components are installed or upgraded.