Skip to main content

πŸ’Ό PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)

  • Contextual name: πŸ’Ό PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
  • ID: /frameworks/nist-csf-v1.1/pr-ip/01
  • Located in: πŸ’Ό Information Protection Processes and Procedures (PR.IP)

Description​

Empty...

Similar​

  • Sections
    • /frameworks/iso-iec-27001-2013/12/01/02
    • /frameworks/iso-iec-27001-2013/12/05/01
    • /frameworks/iso-iec-27001-2013/12/06/02
    • /frameworks/iso-iec-27001-2013/14/02/02
    • /frameworks/iso-iec-27001-2013/14/02/03
    • /frameworks/iso-iec-27001-2013/14/02/04
    • /frameworks/nist-sp-800-53-r4/cm/02
    • /frameworks/nist-sp-800-53-r4/cm/03
    • /frameworks/nist-sp-800-53-r4/cm/04
    • /frameworks/nist-sp-800-53-r4/cm/05
    • /frameworks/nist-sp-800-53-r4/cm/06
    • /frameworks/nist-sp-800-53-r4/cm/07
    • /frameworks/nist-sp-800-53-r4/cm/09
    • /frameworks/nist-sp-800-53-r4/sa/10
  • Internal
    • ID: dec-c-6ef9bea9

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.12.1.2 Change management
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.12.5.1 Installation of software on operational systems55
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.12.6.2 Restrictions on software installation
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.14.2.2 System change control procedures
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.14.2.3 Technical review of applications after operating platform changes
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.14.2.4 Restrictions on changes to software packages
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό CM-2 BASELINE CONFIGURATION711
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό CM-3 CONFIGURATION CHANGE CONTROL611
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό CM-4 SECURITY IMPACT ANALYSIS2
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό CM-5 ACCESS RESTRICTIONS FOR CHANGE7
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό CM-6 CONFIGURATION SETTINGS411
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό CM-7 LEAST FUNCTIONALITY567
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό CM-9 CONFIGURATION MANAGEMENT PLAN1
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SA-10 DEVELOPER CONFIGURATION MANAGEMENT6

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (26)​

PolicyLogic CountFlags
πŸ“ AWS Account IAM Access Analyzer is not enabled for all regions 🟒1🟒 x6
πŸ“ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟒1🟒 x6
πŸ“ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins 🟒1🟒 x6
πŸ“ AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟒1🟠 x1, 🟒 x6
πŸ“ AWS S3 Bucket is not configured to block public access 🟒1🟒 x6
πŸ“ AWS S3 Bucket Policy is not set to deny HTTP requests 🟒1🟒 x6
πŸ“ AWS S3 Bucket Versioning is not enabled 🟒1🟒 x6
πŸ“ Azure App Service does not run the latest Java version 🟒🟒 x3
πŸ“ Azure App Service does not run the latest PHP version 🟒🟒 x3
πŸ“ Azure App Service does not run the latest Python version 🟒🟒 x3
πŸ“ Azure Cosmos DB Account Virtual Network Filter is not enabled 🟒1🟒 x6
πŸ“ Azure Network Security Group allows public access to RDP port 🟒1🟒 x6
πŸ“ Azure Network Security Group allows public access to SSH port 🟒1🟒 x6
πŸ“ Google Cloud DNS Managed Zone DNSSEC is not enabled 🟒1🟒 x6
πŸ“ Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 🟒1🟒 x6
πŸ“ Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 🟒1🟒 x6
πŸ“ Google Cloud MySQL Instance Local_infile Database Flag is not set to off 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance external scripts enabled Database Flag is not set to off 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance user options Database Flag is configured 🟒1🟒 x6
πŸ“ Google Project has a default network 🟒1🟒 x6
πŸ“ Google Project has a legacy network 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-0d66ed991
βœ‰οΈ dec-x-4c15a09f1
βœ‰οΈ dec-x-599c86b41
βœ‰οΈ dec-x-ab7fc52e1