Security Baseline

A defined minimum set of security requirements that systems must meet to be considered acceptably secure.


What it is

A security baseline is a defined set of minimum security requirements that systems, applications, or environments must meet to be considered acceptably secure. It establishes a common reference point for security posture across an organisation.

Security baselines typically include mandatory controls such as authentication requirements, encryption standards, logging settings, patch levels, and access restrictions. They apply to servers, cloud resources, endpoints, and applications.

Why it matters

Without a security baseline, security decisions become inconsistent and subjective. This increases the likelihood of weak configurations, missed controls, and uneven risk exposure across systems.

How to reduce risk

  • Define security baselines for infrastructure, applications, and cloud services
  • Align baselines with recognised standards (CIS, ISO 27001, NIST)
  • Enforce baselines through automation and policy-as-code
  • Regularly review and update baselines as threats evolve
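
One way to express a baseline as policy-as-code, as an added example that is not part of the original page: each rule is data, every resource is evaluated against the same rules, and a setting that is absent counts as a failure. The rule IDs, setting names, thresholds (TLS 1.2, 30 days) and the inventory are constructed assumptions, not values taken from CIS, ISO 27001 or NIST.

```python
from dataclasses import dataclass
from typing import Any, Callable

MISSING = object()  # sentinel: the setting is absent from the resource config

@dataclass(frozen=True)
class Rule:
    rule_id: str                   # hypothetical ID, not from a published standard
    setting: str                   # dotted path into the resource config
    check: Callable[[Any], bool]   # True when the value meets the baseline

# One rule per control area the definition lists (thresholds are assumptions).
BASELINE = [
    Rule("AUTH-01", "auth.mfa_required", lambda v: v is True),
    Rule("ENC-01", "tls.min_version", lambda v: v in ("1.2", "1.3")),
    Rule("LOG-01", "logging.audit_enabled", lambda v: v is True),
    Rule("PATCH-01", "patch.age_days", lambda v: type(v) is int and 0 <= v <= 30),
    Rule("ACC-01", "network.admin_cidrs",
         lambda v: isinstance(v, list) and not {"0.0.0.0/0", "::/0"} & set(v)),
]

def lookup(config: dict, path: str) -> Any:
    node: Any = config
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def evaluate(config: dict) -> list[tuple[str, str]]:
    # Fail closed: an unset control is a finding, not a pass.
    findings = []
    for rule in BASELINE:
        value = lookup(config, rule.setting)
        if value is MISSING:
            findings.append((rule.rule_id, "not set"))
        elif not rule.check(value):
            findings.append((rule.rule_id, f"non-compliant value {value!r}"))
    return findings

# Constructed sample inventory: one compliant host, one that drifted.
INVENTORY = {
    "web-01": {"auth": {"mfa_required": True}, "tls": {"min_version": "1.3"},
               "logging": {"audit_enabled": True}, "patch": {"age_days": 12},
               "network": {"admin_cidrs": ["10.0.0.0/8"]}},
    "db-02": {"auth": {"mfa_required": False}, "tls": {"min_version": "1.0"},
              "patch": {"age_days": 95}, "network": {"admin_cidrs": ["0.0.0.0/0"]}},
}

def audit(inventory: dict) -> dict[str, list[tuple[str, str]]]:
    return {name: evaluate(cfg) for name, cfg in inventory.items()}
```

Run in a pipeline or on a schedule, a non-empty result from `audit` is the signal to block the change or open a remediation ticket.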