Skip to main content

💼 PR.DS-5: Protections against data leaks are implemented

  • ID: /frameworks/nist-csf-v1.1/pr-ds/05

Description

Empty...

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/06/01/02
    • /frameworks/iso-iec-27001-2013/07/01/01
    • /frameworks/iso-iec-27001-2013/07/01/02
    • /frameworks/iso-iec-27001-2013/07/03/01
    • /frameworks/iso-iec-27001-2013/08/02/02
    • /frameworks/iso-iec-27001-2013/08/02/03
    • /frameworks/iso-iec-27001-2013/09/01/01
    • /frameworks/iso-iec-27001-2013/09/01/02
    • /frameworks/iso-iec-27001-2013/09/02/03
    • /frameworks/iso-iec-27001-2013/09/04/01
    • /frameworks/iso-iec-27001-2013/09/04/04
    • /frameworks/iso-iec-27001-2013/09/04/05
    • /frameworks/iso-iec-27001-2013/10/01/01
    • /frameworks/iso-iec-27001-2013/11/01/04
    • /frameworks/iso-iec-27001-2013/11/01/05
    • /frameworks/iso-iec-27001-2013/11/02/01
    • /frameworks/iso-iec-27001-2013/13/01/01
    • /frameworks/iso-iec-27001-2013/13/01/03
    • /frameworks/iso-iec-27001-2013/13/02/01
    • /frameworks/iso-iec-27001-2013/13/02/03
    • /frameworks/iso-iec-27001-2013/13/02/04
    • /frameworks/iso-iec-27001-2013/14/01/02
    • /frameworks/iso-iec-27001-2013/14/01/03
    • /frameworks/nist-sp-800-53-r4/ac/04
    • /frameworks/nist-sp-800-53-r4/ac/05
    • /frameworks/nist-sp-800-53-r4/ac/06
    • /frameworks/nist-sp-800-53-r4/pe/19
    • /frameworks/nist-sp-800-53-r4/ps/03
    • /frameworks/nist-sp-800-53-r4/ps/06
    • /frameworks/nist-sp-800-53-r4/sc/07
    • /frameworks/nist-sp-800-53-r4/sc/08
    • /frameworks/nist-sp-800-53-r4/sc/13
    • /frameworks/nist-sp-800-53-r4/sc/31
    • /frameworks/nist-sp-800-53-r4/si/04
  • Internal
    • ID: dec-c-ba11ddf3

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 ISO/IEC 27001:2013 → 💼 A.6.1.2 Segregation of dutiesno data
💼 ISO/IEC 27001:2013 → 💼 A.7.1.1 Screeningno data
💼 ISO/IEC 27001:2013 → 💼 A.7.1.2 Terms and conditions of employmentno data
💼 ISO/IEC 27001:2013 → 💼 A.7.3.1 Termination or change of employment responsibilitiesno data
💼 ISO/IEC 27001:2013 → 💼 A.8.2.2 Labelling of informationno data
💼 ISO/IEC 27001:2013 → 💼 A.8.2.3 Handling of assets5no data
💼 ISO/IEC 27001:2013 → 💼 A.9.1.1 Access control policyno data
💼 ISO/IEC 27001:2013 → 💼 A.9.1.2 Access to networks and network services1718no data
💼 ISO/IEC 27001:2013 → 💼 A.9.2.3 Management of privileged access rights312no data
💼 ISO/IEC 27001:2013 → 💼 A.9.4.1 Information access restriction1920no data
💼 ISO/IEC 27001:2013 → 💼 A.9.4.4 Use of privileged utility programsno data
💼 ISO/IEC 27001:2013 → 💼 A.9.4.5 Access control to program source codeno data
💼 ISO/IEC 27001:2013 → 💼 A.10.1.1 Policy on the use of cryptographic controls1819no data
💼 ISO/IEC 27001:2013 → 💼 A.11.1.4 Protecting against external and environmental threatsno data
💼 ISO/IEC 27001:2013 → 💼 A.11.1.5 Working in secure areasno data
💼 ISO/IEC 27001:2013 → 💼 A.11.2.1 Equipment siting and protectionno data
💼 ISO/IEC 27001:2013 → 💼 A.13.1.1 Network controls21no data
💼 ISO/IEC 27001:2013 → 💼 A.13.1.3 Segregation in networks1no data
💼 ISO/IEC 27001:2013 → 💼 A.13.2.1 Information transfer policies and procedures1no data
💼 ISO/IEC 27001:2013 → 💼 A.13.2.3 Electronic messagingno data
💼 ISO/IEC 27001:2013 → 💼 A.13.2.4 Confidentiality or nondisclosure agreementsno data
💼 ISO/IEC 27001:2013 → 💼 A.14.1.2 Securing application services on public networks55no data
💼 ISO/IEC 27001:2013 → 💼 A.14.1.3 Protecting application services transactions1015no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-4 INFORMATION FLOW ENFORCEMENT2211no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-5 SEPARATION OF DUTIES34no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-6 LEAST PRIVILEGE1027no data
💼 NIST SP 800-53 Revision 4 → 💼 PE-19 INFORMATION LEAKAGE1no data
💼 NIST SP 800-53 Revision 4 → 💼 PS-3 PERSONNEL SCREENING3no data
💼 NIST SP 800-53 Revision 4 → 💼 PS-6 ACCESS AGREEMENTS3no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-7 BOUNDARY PROTECTION23531no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY422no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-13 CRYPTOGRAPHIC PROTECTION422no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-31 COVERT CHANNEL ANALYSIS3no data
💼 NIST SP 800-53 Revision 4 → 💼 SI-4 INFORMATION SYSTEM MONITORING241no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected148no data
💼 NIST CSF v2.0 → 💼 PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected125no data
💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected142no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (91)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account EBS Volume Encryption Attribute is not enabled in all regions🟢1🟢 x6no data
🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢1🟢 x6no data
🛡️ AWS Account Root User credentials were used is the last 30 days🟢1🟢 x6no data
🛡️ AWS Account Root User has active access keys🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢1🟢 x6no data
🛡️ AWS DMS Endpoint doesn't use SSL🟢1🟢 x6no data
🛡️ AWS DMS Replication Instance is publicly accessible🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ AWS EFS File System encryption is not enabled🟢1🟢 x6no data
🛡️ AWS IAM Policy allows full administrative privileges🟢1🟢 x6no data
🛡️ AWS IAM Server Certificate is expired🟢1🟢 x6no data
🛡️ AWS IAM User has inline or directly attached policies🟢1🟠 x1, 🟢 x5no data
🛡️ AWS RDS Instance Encryption is not enabled🟢1🟢 x6no data
🛡️ AWS RDS Instance is publicly accessible and in an unrestricted public subnet🟢1🟢 x6no data
🛡️ AWS RDS Snapshot is publicly accessible🟢1🟢 x6no data
🛡️ AWS S3 Bucket is not configured to block public access🟢1🟢 x6no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢1🟢 x6no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢1🟢 x6no data
🛡️ Azure App Service Basic Authentication is enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service FTP deployments are not disabled🟢1🟢 x6no data
🛡️ Azure App Service HTTPS Only configuration is not enabled🟢1🟢 x6no data
🛡️ Azure Cosmos DB Account Private Endpoints are not used🟢1🟢 x6no data
🛡️ Azure Cosmos DB Account Virtual Network Filter is not enabled🟢1🟢 x6no data
🛡️ Azure Cosmos DB Entra ID Client Authentication is not used🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key🟢1🟢 x6no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to HTTP(S) ports🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to RDP port🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to SSH port🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled🟢1🟢 x6no data
🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP)🟢1🟢 x6no data
🛡️ Azure Storage Account Allow Blob Anonymous Access is enabled🟢1🟢 x6no data
🛡️ Azure Storage Account Secure Transfer Required is not enabled🟢1🟢 x6no data
🛡️ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions🟢1🟢 x6no data
🛡️ Azure Unattached Managed Disk is not encrypted with Customer-managed key🟢1🟢 x6no data
🛡️ Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key🟢1🟢 x6no data
🛡️ Consumer Google Accounts are used🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC is not enabled🟢1🟢 x6no data
🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢1🟢 x6no data
🛡️ Google Cloud SQL Instance SSL Connections are not enforced🟢1🟢 x6no data
🛡️ Google GCE Firewall Rule logging is disabled🟢1🟢 x6no data
🛡️ Google GCE Instance has a public IP address🟢1🟢 x6no data
🛡️ Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted CiscoSecure/WebSM traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted DNS traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted HTTP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted LDAP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted NetBIOS traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted POP3 traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted SSH traffic🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Cassandra🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Directory services"🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Elasticsearch🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Memcached🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to MongoDB🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to OracleDB🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted traffic to Redis🟢1🟢 x6no data
🛡️ Google GCE Network allows unrestricted Telnet traffic🟢1🟢 x6no data
🛡️ Google GKE Cluster Network policy is disabled.🟢1🟢 x6no data
🛡️ Google GKE Cluster Node Pool uses default Service account🟢1🟢 x6no data
🛡️ Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google IAM Policy Binding Member (User) is assigned a basic role🟢1🟢 x6no data
🛡️ Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level🟢1🟢 x6no data
🛡️ Google Project with KMS keys has a principal with Owner role🟢1🟢 x6no data
🛡️ Google Resource Manager Organization has a Redis IAM role assigned🟢1🟢 x6no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google User has both Service Account Admin and Service Account User roles assigned🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-0bdcd2761
✉️ dec-x-3e379c671
✉️ dec-x-4c15a09f1
✉️ dec-x-5c3c20671
✉️ dec-x-6ba5ecd21
✉️ dec-x-6eab9b881
✉️ dec-x-6ed261671
✉️ dec-x-9cdb74071
✉️ dec-x-11c3009f1
✉️ dec-x-12a853391
✉️ dec-x-14bf01f31
✉️ dec-x-14f5fc251
✉️ dec-x-42a090841
✉️ dec-x-46a83a301
✉️ dec-x-75db76ad1
✉️ dec-x-157aa4b91
✉️ dec-x-0289e9c91
✉️ dec-x-293ab45b1
✉️ dec-x-599c86b41
✉️ dec-x-791dab131
✉️ dec-x-966d31831
✉️ dec-x-3181f3591
✉️ dec-x-4002ecfe1
✉️ dec-x-66358b451
✉️ dec-x-083928f51
✉️ dec-x-995424b72
✉️ dec-x-637372481
✉️ dec-x-a4e033891
✉️ dec-x-ab7fc52e1
✉️ dec-x-b4d3d9dc2
✉️ dec-x-b33429051
✉️ dec-x-bcae85fb2
✉️ dec-x-c0a7793e1
✉️ dec-x-ca1c0c0d1
✉️ dec-x-ca52f63a2
✉️ dec-x-d5fbfc401
✉️ dec-x-d95ea48b1
✉️ dec-x-e02b5fdd1
✉️ dec-x-ec547a7c1
✉️ dec-x-f4cc003a1
✉️ dec-x-f12d78aa1
✉️ dec-x-f63fd4f01
✉️ dec-x-f937c35f1
✉️ dec-z-79f4ab881
✉️ dec-z-c82c9f971
✉️ dec-z-dbeeed9f1
✉️ dec-z-f778950c1