💼 DE.CM-02: The physical environment is monitored to find potentially adverse events
- ID: /frameworks/nist-csf-v2.0/de-cm/02
Description
- Monitor logs from physical access control systems (e.g., badge readers) to find unusual access patterns (e.g., deviations from the norm) and failed access attempts
- Review and monitor physical access records (e.g., from visitor registration, sign-in sheets)
- Monitor physical access controls (e.g., locks, latches, hinge pins, alarms) for signs of tampering
- Monitor the physical environment using alarm systems, cameras, and security guards
Similar
- Sections
  - /frameworks/nist-csf-v1.1/de-cm/02
  - /frameworks/nist-sp-800-53-r5/ca/07
  - /frameworks/nist-sp-800-53-r5/pe/03
  - /frameworks/nist-sp-800-53-r5/pe/06
  - /frameworks/nist-sp-800-53-r5/pe/20
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 DE.CM-2: The physical environment is monitored to detect potential cybersecurity events | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring | 6 | 13 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 PE-3 Physical Access Control | 8 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 PE-6 Monitoring Physical Access | 4 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 PE-20 Asset Monitoring and Tracking | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
Policies (13)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS Account Multi-Region CloudTrail is not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled 🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS CloudFront Distribution Logging is not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS CloudWatch Metric Alarm does not have any actions configured 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS DMS Migration Task Logging is not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS GuardDuty is not enabled in all regions 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS S3 Bucket Server Access Logging is not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS VPC Flow Logs are not enabled 🟢 | 1 | 🟠 x1, 🟢 x5 | no data |