What is the role of configuration hardening baselines in Annex B?

The role of configuration hardening baselines is to establish standardized secure settings to reduce the attack surface across systems. A baseline provides a vetted, reproducible set of configurations you apply across operating systems, networks, and cloud resources so configurations don’t drift into insecure territory. This approach helps prevent common misconfigurations, enforces consistent security controls, and speeds up secure deployment and compliance checks. In Annex B, baselines guide what to enable, disable, and how to configure settings to minimize exposure—from service selection and patching to authentication policies and logging—ensuring systems start in a hardened, predictable state. They’re not about insecure defaults or limited to passwords, and they’re not optional for cloud environments; maintaining secure baselines in the cloud is essential to avoid drift and unintended exposure.