💼 DE.CM-1: The network is monitored to detect potential cybersecurity events

• ID: /frameworks/nist-csf-v1.1/de-cm/01

Description

Empty...

Similar

• Sections
  • /frameworks/nist-sp-800-53-r4/ac/02
  • /frameworks/nist-sp-800-53-r4/au/12
  • /frameworks/nist-sp-800-53-r4/ca/07
  • /frameworks/nist-sp-800-53-r4/cm/03
  • /frameworks/nist-sp-800-53-r4/sc/05
  • /frameworks/nist-sp-800-53-r4/sc/07
  • /frameworks/nist-sp-800-53-r4/si/04
• Internal
  • ID: dec-c-ef9c1fff

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 4 → 💼 AC-2 ACCOUNT MANAGEMENT	13	3	6		no data
💼 NIST SP 800-53 Revision 4 → 💼 AU-12 AUDIT GENERATION	3				no data
💼 NIST SP 800-53 Revision 4 → 💼 CA-7 CONTINUOUS MONITORING	3				no data
💼 NIST SP 800-53 Revision 4 → 💼 CM-3 CONFIGURATION CHANGE CONTROL	6	1	1		no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-5 DENIAL OF SERVICE PROTECTION	3				no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-7 BOUNDARY PROTECTION	23	5	31		no data
💼 NIST SP 800-53 Revision 4 → 💼 SI-4 INFORMATION SYSTEM MONITORING	24		1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events			145		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (63)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudTrail Log File Validation is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢	1	🟢 x6	no data
🛡️ AWS IAM User has inline or directly attached policies🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS S3 Bucket is not configured to block public access🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Flow Logs are not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Azure Diagnostic Setting for Azure Key Vault is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_connections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing is not enabled🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢	1	🟢 x6	no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Security Solution does not exist🟢	1	🟢 x6	no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢	1	🟢 x6	no data
🛡️ Google Cloud Audit Logging is not configured properly🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_error_verbosity Database Flag is not set to DEFAULT or stricter🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance SSL Connections are not enforced🟢	1	🟢 x6	no data
🛡️ Google GCE Firewall Rule logging is disabled🟢	1	🟢 x6	no data
🛡️ Google GCE Instance has a public IP address🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted CiscoSecure/WebSM traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted DNS traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted FTP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted HTTP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted LDAP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted NetBIOS traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted POP3 traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted SMTP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted SSH traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Cassandra🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Directory services"🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Elasticsearch🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Memcached🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to MongoDB🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to MySQL🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to OracleDB🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to PostgreSQL🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Redis🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted Telnet traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Subnetwork Flow Logs are not enabled🟢	1	🟢 x6	no data
🛡️ Google GKE Cluster Network policy is disabled.🟢	1	🟢 x6	no data
🛡️ Google GKE Cluster Node Pool uses default Service account🟢	1	🟢 x6	no data
🛡️ Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0c82d775	1
✉️ dec-x-9b79d91f	1
✉️ dec-x-9c041667	1
✉️ dec-x-20c9ef83	1
✉️ dec-x-24bba483	1
✉️ dec-x-36ced3d1	1
✉️ dec-x-89d5ed7a	1
✉️ dec-x-611eaa35	1
✉️ dec-x-850beea8	1
✉️ dec-x-1518c16e	1
✉️ dec-x-79579ed7	1
✉️ dec-x-9002886f	1
✉️ dec-x-b1e1a494	1
✉️ dec-x-b2ce0ca1	1
✉️ dec-x-c397d3ca	2
✉️ dec-x-db1b7a1b	1
✉️ dec-x-dc359e59	1
✉️ dec-x-e0014333	2