
CISSP Study Plan – Day 24 of 55 | Baselines, Scoping, Tailoring & Standards

Updated: Oct 5


"A legacy that builds upon itself brick by brick."– Luke Ahmed

Today is Day 24 of Yihenew’s CISSP study plan, focusing on baselines, scoping, tailoring, and standards — the building blocks of structured security programs.


Key Areas Covered:

  • Baselines — minimum acceptable security configurations (e.g., password length, logging requirements). They provide a consistent foundation across systems.

  • Scoping — deciding which systems, processes, and environments are included in applying a control or framework (e.g., PCI DSS scope limited to cardholder data environments).

  • Tailoring — customizing a baseline or standard to meet organizational context (e.g., disabling unnecessary controls in a lab environment).

  • Standards — detailed rules and technical specifications derived from policies (e.g., NIST, ISO, CIS benchmarks). Standards ensure controls are applied consistently.

  • Hierarchy of Documents — Policy → Standards → Baselines → Procedures. Know how each relates for exam questions.

  • CISSP Exam Tie-In — expect scenarios asking when to apply a control “as-is” (baseline) vs. adapt (tailoring) vs. narrow focus (scoping).
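To make the three terms concrete, here is a small added example (not part of the study plan or its sources) that applies a baseline to a constructed inventory of hosts. Scoping decides which environments are checked at all, tailoring waives or adjusts individual baseline controls for a documented reason, and the check then reports where in-scope systems fall short. The control names, environments and host data are all invented for illustration.

```python
"""Added illustration: baseline + scoping + tailoring as a compliance check.
All control names, environments and hosts below are constructed sample data."""

# Baseline: the minimum acceptable configuration every in-scope system must meet.
BASELINE = {
    "min_password_length": 14,   # numeric control: actual must be >= required
    "audit_logging": True,       # boolean control: must be enabled
    "mfa_required": True,
}

# Scoping: which environments the baseline applies to. Anything else is not assessed.
IN_SCOPE_ENVIRONMENTS = {"production", "cardholder", "lab"}

# Tailoring: documented adjustments per environment. A value of None waives the control;
# any other value replaces the baseline requirement. (Hypothetical: the lab is isolated.)
TAILORING = {
    "lab": {"mfa_required": None},
}

# Constructed host inventory with each host's observed configuration.
HOSTS = [
    {"name": "web-01", "environment": "production",
     "config": {"min_password_length": 14, "audit_logging": True, "mfa_required": True}},
    {"name": "pay-01", "environment": "cardholder",
     "config": {"min_password_length": 12, "audit_logging": True, "mfa_required": True}},
    {"name": "lab-01", "environment": "lab",
     "config": {"min_password_length": 14, "audit_logging": True, "mfa_required": False}},
    {"name": "dev-01", "environment": "development",
     "config": {"min_password_length": 8, "audit_logging": False, "mfa_required": False}},
]


def effective_baseline(environment):
    """Tailoring: start from the baseline, then apply this environment's overrides."""
    effective = dict(BASELINE)
    for control, value in TAILORING.get(environment, {}).items():
        if value is None:
            effective.pop(control, None)   # control waived for this environment
        else:
            effective[control] = value     # requirement adjusted
    return effective


def check_host(host):
    """Return None if the host is out of scope, otherwise a list of
    (control, required, actual) findings; an empty list means compliant."""
    if host["environment"] not in IN_SCOPE_ENVIRONMENTS:
        return None   # scoping: not subject to this baseline
    findings = []
    for control, required in effective_baseline(host["environment"]).items():
        actual = host["config"].get(control)
        if isinstance(required, bool):
            ok = actual is required
        else:
            ok = actual is not None and actual >= required
        if not ok:
            findings.append((control, required, actual))
    return findings


def assess(hosts):
    """Map each host name to 'out of scope', 'compliant', or its findings list."""
    results = {}
    for host in hosts:
        findings = check_host(host)
        if findings is None:
            results[host["name"]] = "out of scope"
        elif not findings:
            results[host["name"]] = "compliant"
        else:
            results[host["name"]] = findings
    return results


if __name__ == "__main__":
    for name, result in assess(HOSTS).items():
        print(f"{name}: {result}")
```

Run as written, the production host is compliant, the cardholder host is flagged for a password length below the baseline, the lab host passes because MFA was tailored out for that environment, and the development host is never assessed because scoping leaves it out. Note that tailoring is recorded in one place with a reason, which is what makes the deviation defensible in an audit.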


In this CISSP study plan session, Yihenew realized that policies tell you the “why,” while baselines, scoping, tailoring, and standards show the “how.” Together they make security repeatable and defensible.


Quick CISSP Practice Question

Which of the following best describes tailoring in security frameworks?


A. Selecting which systems are subject to compliance requirements

B. Adjusting baseline controls to fit organizational needs

C. Setting minimum configurations for operating systems

D. Publishing high-level policy statements


Correct Answer: B. Adjusting baseline controls to fit organizational needs

Explanation:

  • Tailoring adapts a baseline to fit specific operational or business requirements.

  • Scoping decides what’s included in compliance (A).

  • Baselines are minimum security configs (C).

  • Policies are high-level intentions (D).


Think Like a Manager: The exam wants you to see that frameworks are rarely applied “as-is.” Managers balance compliance with practicality — tailoring ensures controls are realistic without undermining security.


Check out Yani's TikTok or see Day 23 or Day 25.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass the CISSP on the first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on his first attempt in 100 questions using only the resources above.


If Yihenew could do it, so can you.


All the best Future CISSP. You can feel free to contact me anytime as well.


Thank you.

