It's difficult to define "baseline standards" as every application is different and their are variances in security needs. In many cases, ASM implementations begin with a security policy based on the Rapid Deployment template, which will cover the OWASP Top 10, will provide HTTP RFC compliance, attack signatures, and evasion detection protection. As you get more comfortable with ASM and improve at interpreting and handling violations, you can develop a more comprehensive policy by layering on more protection for allowing only specific file types, URLs, and various types of parameter protection.