💼 DE.CM-02: The physical environment is monitored to find potentially adverse events

ID: /frameworks/nist-csf-v2.0/de-cm/02

Description

Monitor logs from physical access control systems (e.g., badge readers) to find unusual access patterns (e.g., deviations from the norm) and failed access attempts
Review and monitor physical access records (e.g., from visitor registration, sign-in sheets)
Monitor physical access controls (e.g., locks, latches, hinge pins, alarms) for signs of tampering
Monitor the physical environment using alarm systems, cameras, and security guards

Similar

Sections
- /frameworks/nist-csf-v1.1/de-cm/02
- /frameworks/nist-sp-800-53-r5/ca/07
- /frameworks/nist-sp-800-53-r5/pe/03
- /frameworks/nist-sp-800-53-r5/pe/06
- /frameworks/nist-sp-800-53-r5/pe/20

Similar Sections (Take Policies From)

Section	Sub Sections	Policies	Compliance
💼 NIST CSF v1.1 → 💼 DE.CM-2: The physical environment is monitored to detect potential cybersecurity events			no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6	22	no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-3 Physical Access Control	8		no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-6 Monitoring Physical Access	4		no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-20 Asset Monitoring and Tracking			no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (22)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢	1	🟢 x6	no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢	1	🟢 x6	no data
🛡️ AWS API Gateway REST API Stage X-Ray Tracing is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢	1	🟢 x6	no data
🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢	1	🟢 x6	no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢	1	🟢 x6	no data
🛡️ AWS ECS Task Definition logging is not configured🟢	1	🟢 x6	no data
🛡️ AWS EKS Cluster Logging is not enabled for all control plane logs types🟢	1	🟢 x6	no data
🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟢	1	🟢 x6	no data
🛡️ AWS ELB Load Balancer Access Logging is disabled🟢	1	🟢 x6	no data
🛡️ AWS GuardDuty is not enabled in all regions🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain audit logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain error logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Cluster Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Parameter Group Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Security Group Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Flow Logs are not enabled🟢	1	🟠 x1, 🟢 x5	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (22)​

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (22)