Skip to main content

💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities

  • ID: /frameworks/nist-csf-v1.1/pr-pt/03

Description

Empty...

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/09/01/02
    • /frameworks/nist-sp-800-53-r4/ac/03
    • /frameworks/nist-sp-800-53-r4/cm/07
  • Internal
    • ID: dec-c-af3321d0

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 ISO/IEC 27001:2013 → 💼 A.9.1.2 Access to networks and network services1718no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-3 ACCESS ENFORCEMENT102no data
💼 NIST SP 800-53 Revision 4 → 💼 CM-7 LEAST FUNCTIONALITY567no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (30)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account Root User has active access keys🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ AWS IAM Policy allows full administrative privileges🟢1🟢 x6no data
🛡️ AWS RDS Instance Auto Minor Version Upgrade is not enabled🟠🟢1🟠 x1, 🟢 x6no data
🛡️ AWS S3 Bucket is not configured to block public access🟢1🟢 x6no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢1🟢 x6no data
🛡️ Azure App Service does not run the latest Java version🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service does not run the latest PHP version🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service does not run the latest Python version🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure Cosmos DB Account Private Endpoints are not used🟢1🟢 x6no data
🛡️ Azure Cosmos DB Account Virtual Network Filter is not enabled🟢1🟢 x6no data
🛡️ Azure Cosmos DB Entra ID Client Authentication is not used🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services🟢1🟢 x6no data
🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP)🟢1🟢 x6no data
🛡️ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions🟢1🟢 x6no data
🛡️ Consumer Google Accounts are used🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Cloud SQL Server Instance external scripts enabled Database Flag is not set to off🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-0a7801fb1
✉️ dec-x-3e379c671
✉️ dec-x-6eab9b881
✉️ dec-x-11c3009f1
✉️ dec-x-42a090841
✉️ dec-x-157aa4b91
✉️ dec-x-0289e9c91
✉️ dec-x-293ab45b1
✉️ dec-x-879aa9961
✉️ dec-x-3179d53c1
✉️ dec-x-66358b451
✉️ dec-x-215302da1
✉️ dec-x-a20e54a01
✉️ dec-x-b4d3d9dc2
✉️ dec-x-bcae85fb2
✉️ dec-x-bf1f13f61
✉️ dec-x-ca1c0c0d1
✉️ dec-x-f12d78aa1
✉️ dec-x-f82b98491
✉️ dec-z-dbeeed9f1
✉️ dec-z-f778950c1