What does the CMMC requirement for system baselining aim to ensure?

The requirement for system baselining within the Cybersecurity Maturity Model Certification (CMMC) framework is focused on achieving consistent and secure configuration management throughout an organization’s systems. Baselining refers to the process of establishing a standard for the desired state of a system’s configuration. This standard includes the configuration settings, hardware, software, and other components of the system that are deemed secure.

By establishing a baseline, organizations can effectively monitor deviations from this standard, which helps in identifying potential security vulnerabilities and misconfigurations. It ensures that all components of a system are configured correctly, thereby reducing the risk of exploitation by malicious actors. Moreover, consistent configuration management aligns with best practices for maintaining system integrity, availability, and confidentiality, which are critical aspects of cybersecurity.

This approach does not favor immediate access for all users, as user access controls are critical for maintaining security. It also does not support the idea of preventing all communications, which would hinder operational functionality. Lastly, eliminating change control would be detrimental to maintaining a secure and stable environment, as managing changes effectively is vital for safeguarding systems against security threats. Thus, the correct choice emphasizes the importance of consistent and secure configuration management achieved through systematic baselining.