💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)

• Contextual name: 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
• ID: /frameworks/nist-csf-v1.1/pr-ip/01
• Located in: 💼 Information Protection Processes and Procedures (PR.IP)

Description

Empty...

Similar

• Sections
  • /frameworks/iso-iec-27001-2013/12/01/02
  • /frameworks/iso-iec-27001-2013/12/05/01
  • /frameworks/iso-iec-27001-2013/12/06/02
  • /frameworks/iso-iec-27001-2013/14/02/02
  • /frameworks/iso-iec-27001-2013/14/02/03
  • /frameworks/iso-iec-27001-2013/14/02/04
  • /frameworks/nist-sp-800-53-r4/cm/02
  • /frameworks/nist-sp-800-53-r4/cm/03
  • /frameworks/nist-sp-800-53-r4/cm/04
  • /frameworks/nist-sp-800-53-r4/cm/05
  • /frameworks/nist-sp-800-53-r4/cm/06
  • /frameworks/nist-sp-800-53-r4/cm/07
  • /frameworks/nist-sp-800-53-r4/cm/09
  • /frameworks/nist-sp-800-53-r4/sa/10
• Internal
  • ID: dec-c-6ef9bea9

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 ISO/IEC 27001:2013 → 💼 A.12.1.2 Change management
💼 ISO/IEC 27001:2013 → 💼 A.12.5.1 Installation of software on operational systems		5	5
💼 ISO/IEC 27001:2013 → 💼 A.12.6.2 Restrictions on software installation
💼 ISO/IEC 27001:2013 → 💼 A.14.2.2 System change control procedures
💼 ISO/IEC 27001:2013 → 💼 A.14.2.3 Technical review of applications after operating platform changes
💼 ISO/IEC 27001:2013 → 💼 A.14.2.4 Restrictions on changes to software packages
💼 NIST SP 800-53 Revision 4 → 💼 CM-2 BASELINE CONFIGURATION	7	1	1
💼 NIST SP 800-53 Revision 4 → 💼 CM-3 CONFIGURATION CHANGE CONTROL	6	1	1
💼 NIST SP 800-53 Revision 4 → 💼 CM-4 SECURITY IMPACT ANALYSIS	2
💼 NIST SP 800-53 Revision 4 → 💼 CM-5 ACCESS RESTRICTIONS FOR CHANGE	7
💼 NIST SP 800-53 Revision 4 → 💼 CM-6 CONFIGURATION SETTINGS	4	1	1
💼 NIST SP 800-53 Revision 4 → 💼 CM-7 LEAST FUNCTIONALITY	5	6	7
💼 NIST SP 800-53 Revision 4 → 💼 CM-9 CONFIGURATION MANAGEMENT PLAN	1
💼 NIST SP 800-53 Revision 4 → 💼 SA-10 DEVELOPER CONFIGURATION MANAGEMENT	6

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (26)

Policy	Logic Count	Flags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins 🟢	1	🟢 x6
📝 AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟢	1	🟠 x1, 🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6
📝 AWS S3 Bucket Versioning is not enabled 🟢	1	🟢 x6
📝 Azure App Service does not run the latest Java version 🟢		🟢 x3
📝 Azure App Service does not run the latest PHP version 🟢		🟢 x3
📝 Azure App Service does not run the latest Python version 🟢		🟢 x3
📝 Azure Cosmos DB Account Virtual Network Filter is not enabled 🟢	1	🟢 x6
📝 Azure Network Security Group allows public access to RDP port 🟢	1	🟢 x6
📝 Azure Network Security Group allows public access to SSH port 🟢	1	🟢 x6
📝 Google Cloud DNS Managed Zone DNSSEC is not enabled 🟢	1	🟢 x6
📝 Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 🟢	1	🟢 x6
📝 Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 🟢	1	🟢 x6
📝 Google Cloud MySQL Instance Local_infile Database Flag is not set to off 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance external scripts enabled Database Flag is not set to off 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user options Database Flag is configured 🟢	1	🟢 x6
📝 Google Project has a default network 🟢	1	🟢 x6
📝 Google Project has a legacy network 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0d66ed99	1
✉️ dec-x-4c15a09f	1
✉️ dec-x-599c86b4	1
✉️ dec-x-ab7fc52e	1