💼 AC-4(21) Physical or Logical Separation of Information Flows (M)(H)

• ID: /frameworks/fedramp-moderate-security-controls/ac/04/21

Description

Separate information flows logically or physically using [Assignment: organization-defined mechanisms and/or techniques] to accomplish [Assignment: organization-defined required separations by types of information].

Similar

• Sections
  • /frameworks/fedramp-high-security-controls/ac/04/21
• Internal
  • ID: dec-c-578f7f62

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 AC-4(21) Physical or Logical Separation of Information Flows (M)(H)		11	48		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (48)

Policy	Logic Count	Flags	Compliance
🛡️ AWS API Gateway REST API Stage is not associated with a WAF Web ACL🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution Default Root Object is not configured🟢	1	🟢 x6	no data
🛡️ AWS DMS Replication Instance is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS EBS Snapshot is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances🟢	1	🟢 x6	no data
🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Instance with an auto-assigned public IP address is in a default subnet🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted Telnet traffic🟢	1	🟢 x6	no data
🛡️ AWS IAM Policy allows full administrative privileges🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance is publicly accessible and in an unrestricted public subnet🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance uses default endpoint port🟢	1	🟢 x6	no data
🛡️ AWS RDS Snapshot is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket is not configured to block public access🟢	1	🟢 x6	no data
🛡️ AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service🟢	1	🟢 x6	no data
🛡️ AWS VPC Network ACL exposes admin ports to public internet ports🟢	1	🟢 x6	no data
🛡️ AWS VPC Subnet Map Public IP On Launch is enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Transit Gateway Auto Accept Shared Attachments is enabled🟢	1	🟢 x6	no data
🛡️ AWS WAF Rule Group has no WAF Rules🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS WAF Web ACL has no WAF Rules or WAF Rule Groups🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Azure Cosmos DB Account Private Endpoints are not used🟢	1	🟢 x6	no data
🛡️ Azure Cosmos DB Account Virtual Network Filter is not enabled🟢	1	🟢 x6	no data
🛡️ Azure Cosmos DB Entra ID Client Authentication is not used🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure Key Vault Private Endpoints are not used🟢	1	🟢 x6	no data
🛡️ Azure Managed Disk Public Network Access is not disabled🟢	1	🟢 x6	no data
🛡️ Azure Network Security Group allows public access to HTTP(S) ports🟢	1	🟢 x6	no data
🛡️ Azure Network Security Group allows public access to RDP port🟢	1	🟢 x6	no data
🛡️ Azure Network Security Group allows public access to SSH port🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services🟢	1	🟢 x6	no data
🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP)🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Public Network Access is not disabled🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Allow Blob Anonymous Access is enabled🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Cross Tenant Replication is enabled🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Default Network Access Rule is not set to Deny🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Private Endpoints are not used🟢	1	🟢 x6	no data