1. Introduction

This standard describes a baseline of security requirements for web-based applications, application components, and services of Example Inc.. These requirements are mandatory for newly developed applications and recommendations for existing ones.

The baseline defined in this document may be increased if necessary for applications with higher protection requirements.