Secure Baseline

Last updated: February 18, 2026

The Secure Baseline Core Security module provides centralized visibility into system configuration compliance across the environment. It evaluates assets against established security benchmarks to identify misconfigurations, weak settings, and policy gaps that increase risk.

This module enables users to:

  • Measure configuration compliance against industry benchmarks

  • Identify failing security controls across assets

  • Track compliance posture at both benchmark and asset levels

  • Drill into configuration results for individual systems

Secure Baseline results are derived from completed Secure Baseline scans and reflect the most recent successful scan data.

Benchmark View

benchmark table.png

The Benchmark view presents a benchmark-centric perspective of Secure Baseline results. It aggregates compliance data across all assets and Secure Baseline profiles used in scans.

Benchmarks included in this view are sourced from:

  • CIS (Center for Internet Security) Benchmarks

  • DISA Secure Technical Implementation Guides (STIGs)

Only benchmarks that have been evaluated in completed Secure Baseline scans are shown.

Benchmark Table

Each row represents a single benchmark control.

Table Columns

  • Benchmark ID
    The unique identifier of the benchmark control.

  • Benchmark Title
    A description of the configuration requirement being evaluated.

  • Category
    The configuration domain associated with the benchmark, such as Password Policy or Auditing.

  • Level
    The Secure Baseline level defined by the benchmark profile (for example, L1).

  • Applicable OS
    The operating systems for which the benchmark applies, based on the benchmark profile.

  • Applicable Assets
    The number of assets where the benchmark is applicable.
    Hovering over the count displays the list of applicable assets.

  • Pass
    The number of assets that passed the benchmark.

  • Failed
    The number of assets that failed the benchmark.

  • Not Evaluated
    Applicable assets that have not yet been scanned for this benchmark.

  • Frameworks
    The compliance frameworks associated with the benchmark, such as CIS versions.

Filtering and Interaction

The Benchmark table supports filtering by:

  • Category

  • Operating system

  • Level

  • Framework

Columns are sortable, pagination is supported, and results can be exported for reporting.

Benchmark Drawer

Selecting a Benchmark ID opens a drawer with detailed information for that benchmark.

The drawer includes:

  • Benchmark description and recommended configuration state

  • Applicable operating systems

  • Overall compliance percentage

  • Counts of passing, failing, and not evaluated assets

  • A per-asset breakdown showing pass or fail status and last scanned time

This view is used to assess the impact of a specific control across the environment.

Asset View

The Asset view provides an asset-centric perspective, summarizing Secure Baseline compliance per system.

Each row represents a single asset that has been evaluated by a Secure Baseline scan.

Asset Table

Table Columns

  • Asset
    The asset name.

  • OS
    The operating system of the asset.

  • Benchmark Profile
    The Secure Baseline profile applied during scanning.

  • Level
    The benchmark level evaluated for the asset.

  • Total Checks
    The total number of benchmark checks evaluated on the asset.

  • Pass
    The number of benchmarks that passed.

  • Failed
    The number of benchmarks that failed.

  • Compliance
    The percentage of passed benchmarks relative to total checks.

  • Last Scanned
    The localized date and time of the most recent Secure Baseline scan.

Filtering and Behavior

The Asset table supports filtering by:

  • Operating system

  • Benchmark profile

  • Level

Columns are sortable, pagination is available, and results can be exported.

Asset Configuration Drawer

Selecting an asset name from the Asset table opens the Asset drawer with the Configuration tab selected by default.

Configuration Summary

The top of the Configuration tab provides an overview of Secure Baseline compliance for the asset, including:

  • Overall compliance percentage

  • Total pass and fail counts

  • The benchmark profile and level applied

  • The date and time of the last Secure Baseline scan

Benchmark Results

Below the summary, a table lists all benchmark checks evaluated on the asset.

Displayed Information

  • Benchmark ID

  • Benchmark title

  • Category

  • Pass or fail status

Search and filtering options allow users to quickly isolate specific controls or failure types.

Export and table expansion options support deeper analysis.

Usage

The Asset Configuration view is used to:

  • Review configuration posture for a specific system

  • Identify failing security controls

  • Validate the effect of configuration or policy changes

  • Support remediation by pinpointing misconfigured settings