What is a baseline configuration and how is it used in security operations?


Explanation:
A baseline configuration is the approved, documented secure setup for a class of systems or accounts: the reference state that defines what is expected and permitted. In security operations it is the yardstick for comparison: a host's current configuration is checked against the baseline, and any deviation indicates a misconfiguration, a weakened control, or an unauthorized change, which should raise an alert and drive remediation.

Baselines also underpin policy enforcement and compliance. Because the standard is written down, repeatable and auditable, change control can require that every approved change either conforms to the baseline or updates it, and auditors can verify conformance rather than reason about each host individually. The same property enables automated drift detection: scanners or agents read the live state, diff it against the baseline, and flag the differences, so remediation can be fast and targeted.

For example, a host baseline might require the host firewall to be enabled, unnecessary network services to be disabled, a password policy with minimum length and maximum age, and logs forwarded to a central collector; an automated check compares the actual settings to these requirements and reports each discrepancy. The other answer choices do not fit: an arbitrary, per-system configuration leaves nothing to compare against, a temporary configuration is by definition not a reference state, and a logging standard covers only logging rather than the secure configuration of the whole system.
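The drift check described above, written out as an added example (this is not code from the original page or from any product). The baseline values, the hypothetical collector name `siem.example.internal` and the "scanned" host state are all constructed for the demonstration; a real scanner would collect the host state from the operating system rather than from a hard-coded dictionary. The example shows the three kinds of comparison a baseline typically needs: exact-match settings, a set of services that must not be running, and thresholds where the direction of the comparison matters (a minimum versus a maximum).

```python
from dataclasses import dataclass

# Constructed baseline (hypothetical values, not from any published standard):
BASELINE = {
    "firewall_enabled": True,                           # exact-match check
    "forbidden_services": {"telnet", "rsh", "vsftpd"},  # set check: none may run
    "password_min_length": 14,                          # lower bound
    "password_max_age_days": 90,                        # upper bound
    "log_forwarding_target": "siem.example.internal",   # exact-match, hypothetical collector
}

# Constructed "scan result" for one host, standing in for what an agent or
# scanner would actually read from the OS.
SCANNED_HOST = {
    "hostname": "web-01",
    "firewall_enabled": False,
    "running_services": ["sshd", "nginx", "telnet"],
    "password_min_length": 8,
    "password_max_age_days": 90,
    "log_forwarding_target": None,
}


@dataclass(frozen=True)
class Deviation:
    setting: str
    expected: str
    actual: str
    severity: str


def detect_drift(baseline: dict, host: dict) -> list[Deviation]:
    """Compare a host's collected state against the baseline.

    Returns one Deviation per setting that fails the baseline. A missing
    value is treated as a deviation: "not configured" is never approved.
    """
    findings: list[Deviation] = []

    # 1. Exact-match settings: the value must equal the baseline value.
    for key, severity in (("firewall_enabled", "high"),
                          ("log_forwarding_target", "high")):
        actual = host.get(key)
        if actual != baseline[key]:
            findings.append(Deviation(key, str(baseline[key]), str(actual), severity))

    # 2. Set check: any forbidden service found running is its own finding.
    running = set(host.get("running_services", []))
    for svc in sorted(running & baseline["forbidden_services"]):
        findings.append(Deviation(f"service:{svc}", "disabled", "running", "medium"))

    # 3. Threshold checks: a minimum is violated by values below it,
    #    a maximum by values above it.
    min_len = host.get("password_min_length")
    if min_len is None or min_len < baseline["password_min_length"]:
        findings.append(Deviation("password_min_length",
                                  f">= {baseline['password_min_length']}",
                                  str(min_len), "medium"))
    max_age = host.get("password_max_age_days")
    if max_age is None or max_age > baseline["password_max_age_days"]:
        findings.append(Deviation("password_max_age_days",
                                  f"<= {baseline['password_max_age_days']}",
                                  str(max_age), "low"))

    return findings


def compliant(baseline: dict, host: dict) -> bool:
    """True only when the host has no deviations from the baseline."""
    return not detect_drift(baseline, host)


if __name__ == "__main__":
    for d in detect_drift(BASELINE, SCANNED_HOST):
        print(f"[{d.severity.upper():6}] {d.setting}: expected {d.expected}, found {d.actual}")
```

Running the check against the constructed host reports four deviations (firewall off, no log forwarding, telnet running, password minimum too short); the password maximum age of 90 days meets the 90-day limit and is not flagged. Each finding carries a severity so that remediation can be prioritised, and `compliant()` gives the single boolean that a compliance dashboard or a change-control gate would consume.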
