
03.04.01

What this control requires

(a) Develop and maintain under configuration control, a current baseline configuration of the system. (b) Review and update the baseline configuration of the system [Assignment: organization-defined frequency, A.03.04.01.ODP.01] and when system components are installed or modified.

Source: NIST SP 800-171 R3 §03.04.01 (official control text).

Why this matters

Baseline configurations establish a known-good state for every system in your environment. Without documented baselines, you cannot detect unauthorized changes, consistently rebuild compromised systems, or prove compliance. This control protects against configuration drift, rogue modifications, and insider threats by creating an auditable record of approved settings. When an incident occurs, baselines enable rapid recovery to trusted states. They also prevent security gaps that emerge when systems evolve without oversight, ensuring every change follows a documented approval process rather than accumulating technical debt.

What evidence assessors expect

Assessors typically look for: PDF, configuration export, screenshot. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
