Certified Administrative Professional (CAP) Practice Exam 2025 – Your All-in-One Guide to Exam Mastery!

Question: 1 / 400

What kind of controls are chosen based on the security category and associated impact level of the information system?

Common Controls

Baseline Controls

Baseline controls are fundamental security measures that are selected based on the security category and associated impact level of an information system. These controls establish a minimum level of security that must be applied to protect the information system adequately.

Determining baseline controls involves analyzing the potential impact of a security breach, which varies with the sensitivity and importance of the information being processed. Organizations typically categorize information systems by impact level (low, moderate, high), which in turn helps dictate the specific baseline controls that should be implemented to mitigate risks associated with vulnerabilities.

For instance, a system categorized as having a high impact level may require more comprehensive baseline controls compared to one with a low impact level, ensuring that the security measures are aligned with the overall risk management strategy of the organization. These baseline controls offer a structured approach, helping organizations maintain consistency in their security posture across different systems and applications.


Security Controls

Compensating Controls
