Skip to main content

πŸ’Ό AC-4(21) Physical or Logical Separation of Information Flows (M)(H)

  • Contextual name: πŸ’Ό AC-4(21) Physical or Logical Separation of Information Flows (M)(H)
  • ID: /frameworks/fedramp-moderate-security-controls/ac/04/21
  • Located in: πŸ’Ό AC-4 Information Flow Enforcement (M)(H)

Description​

Separate information flows logically or physically using [Assignment: organization-defined mechanisms and/or techniques] to accomplish [Assignment: organization-defined required separations by types of information].

Similar​

  • Sections
    • /frameworks/fedramp-high-security-controls/ac/04/21
  • Internal
    • ID: dec-c-578f7f62

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AC-4(21) Physical or Logical Separation of Information Flows (M)(H)1139

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (39)​

PolicyLogic CountFlags
πŸ“ AWS API Gateway REST API Stage is not associated with a WAF Web ACL 🟒1🟒 x6
πŸ“ AWS EC2 Default Security Group does not restrict all traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted CIFS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted DNS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted FTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted ICMP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted NetBIOS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted RPC traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted SMTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MySQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted Telnet traffic 🟒1🟒 x6
πŸ“ AWS IAM Policy allows full administrative privileges 🟒1🟒 x6
πŸ“ AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟒1🟒 x6
πŸ“ AWS RDS Instance uses default endpoint port 🟒1🟒 x6
πŸ“ AWS RDS Snapshot is publicly accessible 🟒1🟒 x6
πŸ“ AWS S3 Bucket is not configured to block public access 🟒1🟒 x6
πŸ“ AWS VPC Network ACL exposes admin ports to public internet ports 🟒1🟒 x6
πŸ“ Azure Cosmos DB Account Private Endpoints are not used 🟒1🟒 x6
πŸ“ Azure Cosmos DB Account Virtual Network Filter is not enabled 🟒1🟒 x6
πŸ“ Azure Cosmos DB Entra ID Client Authentication is not used 🟒🟒 x3
πŸ“ Azure Key Vault Private Endpoints are not used 🟒1🟒 x6
πŸ“ Azure Managed Disk Public Network Access is not disabled 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted HTTP(S) access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted RDP access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted SSH access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted UDP access from the Internet 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services 🟒1🟒 x6
πŸ“ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟒1🟒 x6
πŸ“ Azure SQL Server Public Network Access is not disabled 🟒1🟒 x6
πŸ“ Azure Storage Account Allow Blob Anonymous Access is set enabled 🟒1🟒 x6
πŸ“ Azure Storage Account Cross Tenant Replication is enabled 🟒1🟒 x6
πŸ“ Azure Storage Account Default Network Access Rule is not set to Deny 🟒1🟒 x6
πŸ“ Azure Storage Account Private Endpoints are not used 🟒1🟒 x6