Baselines in security procedures are best described as what?

Prepare for the Network Security (NETSEC) 2 Exam. Utilize flashcards and multiple choice questions, complete with hints and detailed explanations. Excel in your security skills!

Multiple Choice

Baselines in security procedures are best described as what?

Explanation:
Baselines are fixed, repeatable starting points that define the exact steps and configurations that should be applied for a given security procedure. They act like a checklist, ensuring that every time a procedure is performed, the same minimum actions are completed in the same way, which helps maintain a consistent and verifiable security state. For example, a baseline for configuring a new server might require enabling specific security features, applying patch levels, enforcing password policies, and configuring logging and firewall rules. Because baselines specify the concrete steps to take, they support repeatability, auditing, and faster deployment with less drift from the intended security posture. They aren’t flexible guidelines, nor broad standards for compliance, nor focused on identifying risks. Guidelines offer recommendations, standards describe formal requirements, and risk assessments focus on identifying threats and vulnerabilities rather than prescribing a fixed set of procedural steps.

