💼 A.9.1.2 Access to networks and network services

Description

Users shall only be provided with access to the network and network services that they have been specifically authorized to use.

Similar

  • Internal
    • ID: dec-c-2c4e1844

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties1752
💼 NIST CSF v1.1 → 💼 PR.DS-5: Protections against data leaks are implemented4766
💼 NIST CSF v1.1 → 💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities2130

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (18)

Policy | Logic Count | Flags
📝 AWS Account Root User has active access keys 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted DNS traffic 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted FTP traffic 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted ICMP traffic 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted NetBIOS traffic 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted RPC traffic 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted SMTP traffic 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MySQL 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟢 | 1 | 🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢 | 1 | 🟢 x6
📝 Azure Cosmos DB Account Private Endpoints are not used 🟢 | 1 | 🟢 x6
📝 Azure Cosmos DB Entra ID Client Authentication is not used 🟢 |  | 🟢 x3
📝 Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services 🟢 | 1 | 🟢 x6
📝 Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟢 | 1 | 🟢 x6
📝 Azure Storage Account Trusted Azure Services are not enabled as networking exceptions 🟢 | 1 | 🟢 x6

Internal Rules

Rule | Policies | Flags