💼 AC-4 Information Flow Enforcement (M)(H)

• ID: /frameworks/fedramp-moderate-security-controls/ac/04

Description

Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [Assignment: organization-defined information flow control policies].

Similar

• Sections
  • /frameworks/fedramp-high-security-controls/ac/04
• Internal
  • ID: dec-c-29b02b35

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 AC-4 Information Flow Enforcement (M)(H)	2	36	81		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AC-4(21) Physical or Logical Separation of Information Flows (M)(H)			48		no data

Policies (39)

Policy	Logic Count	Flags	Compliance
🛡️ AWS API Gateway API Route Authorization Type is not configured🟢	1	🟢 x6	no data
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢	1	🟢 x6	no data
🛡️ AWS DMS Endpoint doesn't use SSL🟢	1	🟢 x6	no data
🛡️ AWS DMS Replication Instance is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS EBS Snapshot is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances🟢	1	🟢 x6	no data
🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Instance with an auto-assigned public IP address is in a default subnet🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted Telnet traffic🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance is publicly accessible and in an unrestricted public subnet🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance uses default endpoint port🟢	1	🟢 x6	no data
🛡️ AWS RDS Snapshot is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket is not configured to block public access🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢	1	🟢 x6	no data
🛡️ AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service🟢	1	🟢 x6	no data
🛡️ AWS VPC Subnet Map Public IP On Launch is enabled🟢	1	🟢 x6	no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢	1	🟢 x6	no data
🛡️ Azure App Service Basic Authentication is enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure App Service FTP deployments are not disabled🟢	1	🟢 x6	no data
🛡️ Azure App Service HTTPS Only configuration is not enabled🟢	1	🟢 x6	no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Secure Transfer Required is not enabled🟢	1	🟢 x6	no data
🛡️ Azure Subscription Network Watcher is not enabled in every available region🟢	1	🟢 x6	no data