💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities

• Contextual name: 💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
• ID: /frameworks/nist-csf-v1.1/pr-pt/03
• Located in: 💼 Protective Technology (PR.PT)

Description

Empty...

Similar

• Sections
  • /frameworks/iso-iec-27001-2013/09/01/02
  • /frameworks/nist-sp-800-53-r4/ac/03
  • /frameworks/nist-sp-800-53-r4/cm/07
• Internal
  • ID: dec-c-af3321d0

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 ISO/IEC 27001:2013 → 💼 A.9.1.2 Access to networks and network services		17	18
💼 NIST SP 800-53 Revision 4 → 💼 AC-3 ACCESS ENFORCEMENT	10		2
💼 NIST SP 800-53 Revision 4 → 💼 CM-7 LEAST FUNCTIONALITY	5	6	7

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (30)

Policy	Logic Count	Flags
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted DNS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted FTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted ICMP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted NetBIOS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted RPC traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted SMTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MySQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟢	1	🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢	1	🟢 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟢	1	🟠 x1, 🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6
📝 Azure App Service does not run the latest Java version 🟢		🟢 x3
📝 Azure App Service does not run the latest PHP version 🟢		🟢 x3
📝 Azure App Service does not run the latest Python version 🟢		🟢 x3
📝 Azure Cosmos DB Account Private Endpoints are not used 🟢	1	🟢 x6
📝 Azure Cosmos DB Account Virtual Network Filter is not enabled 🟢	1	🟢 x6
📝 Azure Cosmos DB Entra ID Client Authentication is not used 🟢		🟢 x3
📝 Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services 🟢	1	🟢 x6
📝 Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟢	1	🟢 x6
📝 Azure Storage Account Trusted Azure Services are not enabled as networking exceptions 🟢	1	🟢 x6
📝 Consumer Google Accounts are used 🟢		🟢 x3
📝 Google Cloud MySQL Instance allows anyone to connect with administrative privileges 🟢		🟢 x3
📝 Google Cloud SQL Server Instance external scripts enabled Database Flag is not set to off 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0a7801fb	1
✉️ dec-x-3e379c67	1
✉️ dec-x-6eab9b88	1
✉️ dec-x-11c3009f	1
✉️ dec-x-42a09084	1
✉️ dec-x-157aa4b9	1
✉️ dec-x-0289e9c9	1
✉️ dec-x-293ab45b	1
✉️ dec-x-879aa996	1
✉️ dec-x-3179d53c	1
✉️ dec-x-66358b45	1
✉️ dec-x-215302da	1
✉️ dec-x-a20e54a0	1
✉️ dec-x-b4d3d9dc	2
✉️ dec-x-bcae85fb	2
✉️ dec-x-bf1f13f6	1
✉️ dec-x-ca1c0c0d	1
✉️ dec-x-f12d78aa	1
✉️ dec-x-f82b9849	1
✉️ dec-z-dbeeed9f	1
✉️ dec-z-f778950c	1