Baseline controls are the minimum set of security controls an organization determines are needed and must be applied to a system(s) to meet a specific classification or categorization level of a system. Privacy controls should be integrated into the security baseline controls. Inherited Controls are created, implemented, assessed, authorized, and monitored by organizational officials outside of the system owners authorization boundary. Can include business continuity & disaster recovery strategies, physical infrastructure, encryption services, risk assessments, system monitoring, strategic vendors and partner relationships along with identity and access management.