Security | Updated July 3, 2026

Security Baselines Overview

This section provides comprehensive security baseline configurations for our Epic on Azure infrastructure.

Available Baselines

Infrastructure Security Baselines

  • Azure Virtual Machines: Hardened OS configurations and security agents
  • Azure Storage: Encryption, access controls, and data protection
  • Azure Networking: Network security groups, firewalls, and segmentation
  • Azure Identity: RBAC, conditional access, and privileged access management

Application Security Standards

  • Epic Application Security: Hyperspace and application-level security controls
  • Database Security: SQL Server security configurations and access controls
  • Web Application Security: IIS, load balancer, and web service security
  • API Security: Authentication, authorization, and API gateway security

Compliance Frameworks

  • HIPAA Compliance: Healthcare data protection requirements
  • SOX Compliance: Financial controls and audit requirements
  • Azure Security Benchmark: Microsoft's security recommendations
  • CIS Controls: Center for Internet Security baseline controls

Security Configuration Standards

Operating System Hardening

  • Windows Server security baseline configurations
  • Security agent deployment (Defender, CrowdStrike)
  • Patch management and update procedures
  • System monitoring and logging configuration

Network Security

  • Network segmentation and micro-segmentation
  • Firewall rules and security group configurations
  • Network access control and monitoring
  • VPN and remote access security

Identity and Access Management

  • Azure Active Directory integration
  • Role-based access control (RBAC) assignments
  • Privileged access management (PAM) with CyberArk
  • Multi-factor authentication (MFA) requirements

Data Protection

  • Encryption at rest and in transit
  • Data classification and handling procedures
  • Backup and recovery security measures
  • Data loss prevention (DLP) controls

Implementation Guidelines

Security Assessment Process

  1. Baseline Review: Assess current configuration against standards
  2. Gap Analysis: Identify configuration deficiencies
  3. Remediation Planning: Develop correction and improvement plans
  4. Implementation: Apply security configurations and controls
  5. Validation: Verify proper implementation and effectiveness
  6. Monitoring: Continuous monitoring and compliance checking

Configuration Management

  • Ansible Automation: Automated baseline configuration deployment
  • Terraform Templates: Infrastructure as code with security controls
  • Azure Policy: Compliance monitoring and enforcement
  • PowerShell DSC: Windows configuration management

Compliance Monitoring

  • Regular Audits: Quarterly security baseline assessments
  • Continuous Scanning: Daily vulnerability and compliance scans
  • Automated Remediation: Self-healing security configurations
  • Reporting: Monthly compliance and security posture reports

Security Metrics and KPIs

Baseline Compliance

  • Target: 95% baseline compliance across all systems
  • Current Status: Contact Security Team for latest metrics
  • Measurement: Automated scanning and assessment tools

Vulnerability Management

  • Critical Vulnerabilities: Patched within 48 hours
  • High Vulnerabilities: Patched within 7 days
  • Medium/Low Vulnerabilities: Patched within 30 days
  • Patch Compliance: 98% target compliance rate

Access Control Effectiveness

  • Privileged Account Review: Monthly access reviews
  • MFA Coverage: 100% for privileged accounts
  • Role Accuracy: Quarterly RBAC validation
  • Access Certification: Annual comprehensive reviews

Tools and Resources

Security Configuration Tools

| Tool | Purpose | Access | Contact |
|------|---------|--------|---------|
| Azure Security Center | Security posture assessment | Azure Portal | Security Team |
| CyberArk PAM | Privileged access management | PAM Portal | Identity Team |
| Qualys VMDR | Vulnerability scanning | Qualys Console | Security Team |
| Rapid7 InsightVM | Vulnerability management | Rapid7 Portal | Security Team |

Compliance and Audit Tools

| Tool | Purpose | Access | Contact |
|------|---------|--------|---------|
| Azure Policy | Compliance monitoring | Azure Portal | Cloud Team |
| Splunk | Security event monitoring | SIEM Dashboard | Security Team |
| ServiceNow GRC | Governance and compliance | ServiceNow Portal | Compliance Team |
| Archer GRC | Risk and compliance management | Archer Portal | Risk Team |

Emergency Procedures

Security Incident Response

For immediate security concerns or incidents:

  • Security Operations Center: Contact via incident management system
  • Critical Security Issues: Escalate to on-call security engineer
  • Compliance Violations: Report to compliance team immediately

Baseline Deviation Alerts

  • Automated Alerts: System-generated notifications for baseline drift
  • Manual Reporting: Submit deviations through change management
  • Emergency Exceptions: Contact security team for urgent approvals

For detailed security baseline configurations and implementation guidance, contact our Security Team via Support Guidelines.