Skip to main content

💼 PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)

  • ID: /frameworks/nist-csf-v1.1/pr-ac/05

Description

Empty...

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/13/01/01
    • /frameworks/iso-iec-27001-2013/13/01/03
    • /frameworks/iso-iec-27001-2013/13/02/01
    • /frameworks/iso-iec-27001-2013/14/01/02
    • /frameworks/iso-iec-27001-2013/14/01/03
    • /frameworks/nist-sp-800-53-r4/ac/04
    • /frameworks/nist-sp-800-53-r4/ac/10
    • /frameworks/nist-sp-800-53-r4/sc/07
  • Internal
    • ID: dec-c-0bff4159

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 ISO/IEC 27001:2013 → 💼 A.13.1.1 Network controls21no data
💼 ISO/IEC 27001:2013 → 💼 A.13.1.3 Segregation in networks1no data
💼 ISO/IEC 27001:2013 → 💼 A.13.2.1 Information transfer policies and procedures1no data
💼 ISO/IEC 27001:2013 → 💼 A.14.1.2 Securing application services on public networks55no data
💼 ISO/IEC 27001:2013 → 💼 A.14.1.3 Protecting application services transactions1015no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-4 INFORMATION FLOW ENFORCEMENT2211no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-10 CONCURRENT SESSION CONTROLno data
💼 NIST SP 800-53 Revision 4 → 💼 SC-7 BOUNDARY PROTECTION23531no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v2.0 → 💼 PR.IR-01: Networks and environments are protected from unauthorized logical access and usage95no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (44)

PolicyLogic CountFlagsCompliance
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins🟢1🟢 x6no data
🛡️ AWS DMS Endpoint doesn't use SSL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢1🟢 x6no data
🛡️ AWS S3 Bucket is not configured to block public access🟢1🟢 x6no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢1🟢 x6no data
🛡️ Azure App Service FTP deployments are not disabled🟢1🟢 x6no data
🛡️ Azure App Service HTTPS Only configuration is not enabled🟢1🟢 x6no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled🟢1🟢 x6no data
🛡️ Azure Storage Account Secure Transfer Required is not enabled🟢1🟢 x6no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢1🟢 x6no data
🛡️ Google Cloud SQL Instance SSL Connections are not enforced🟢1🟢 x6no data
🛡️ Google GCE Firewall Rule logging is disabled🟢1🟢 x6no data
🛡️ Google GCE Instance has a public IP address🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted CiscoSecure/WebSM traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted DNS traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted HTTP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted LDAP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted NetBIOS traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted POP3 traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted SSH traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Cassandra🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Directory services"🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Elasticsearch🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Memcached🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to MongoDB🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to OracleDB🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Redis🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted Telnet traffic🟢1🟢 x6no data
🛡️ Google GKE Cluster Network policy is disabled.🟢1🟢 x6no data
🛡️ Google GKE Cluster Node Pool uses default Service account🟢1🟢 x6no data
🛡️ Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-6ed261671
✉️ dec-x-14f5fc251
✉️ dec-x-75db76ad1
✉️ dec-x-791dab131
✉️ dec-x-3181f3591
✉️ dec-x-995424b72
✉️ dec-x-a4e033891
✉️ dec-x-c0a7793e1
✉️ dec-x-d5fbfc401
✉️ dec-x-d95ea48b1