What is a security control baseline and how is it used in hardening systems?

Explanation:
A security control baseline is a standard set of security controls configured across systems to ensure a consistent security posture. In hardening, that baseline serves as the official starting point for configuring every system, so new deployments are built from a proven, approved configuration and existing systems can be brought into that same standard. It also provides a clear measure for drift: administrators can regularly compare actual settings to the baseline and automatically remediate deviations, keeping systems aligned with the intended protection level. Using a baseline makes deployments repeatable, supports automated configuration management, and simplifies audits because there is a known, documented configuration everyone adheres to. This is different from applying a single patch, which is a one-off update; from capacity planning for network bandwidth; or from incident escalation procedures, which relate to responding to incidents rather than establishing and maintaining secure configurations.
