💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events

ID: /frameworks/nist-csf-v2.0/de-cm/03

Description

Use behavior analytics software to detect anomalous user activity to mitigate insider threats
Monitor logs from logical access control systems to find unusual access patterns and failed access attempts
Continuously monitor deception technology, including user accounts, for any usage

Similar

Sections
- /frameworks/nist-csf-v1.1/de-cm/03
- /frameworks/nist-csf-v1.1/de-cm/07
- /frameworks/nist-sp-800-53-r5/ac/02
- /frameworks/nist-sp-800-53-r5/au/12
- /frameworks/nist-sp-800-53-r5/au/13
- /frameworks/nist-sp-800-53-r5/ca/07
- /frameworks/nist-sp-800-53-r5/cm/10
- /frameworks/nist-sp-800-53-r5/cm/11

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 NIST CSF v1.1 → 💼 DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events		20	26	no data
💼 NIST CSF v1.1 → 💼 DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed		18	24	no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-2 Account Management	13	20	37	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation	4	47	65	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-13 Monitoring for Information Disclosure	3			no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		13	no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-10 Software Usage Restrictions	1			no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-11 User-installed Software	3			no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (85)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account Config is not enabled in all regions🟢	1	🟢 x6	no data
🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢	1	🟢 x6	no data
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢	1	🟢 x6	no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢	1	🟢 x6	no data
🛡️ AWS API Gateway REST API Stage X-Ray Tracing is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail AWS Organizations Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Config Configuration Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Configuration Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Disable CMK or Schedule CMK Deletion Events Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail IAM Policy Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Log File Validation is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail Management Console Authentication Failures Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Management Console Sign-In without MFA Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Network Access Control Lists Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Network Gateways Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Root Account Usage Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Route Table Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail S3 Bucket Policy Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Security Group Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail Unauthorized API Calls Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudTrail VPC Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢	1	🟢 x6	no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EKS Cluster Logging is not enabled for all control plane logs types🟢	1	🟢 x6	no data
🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟢	1	🟢 x6	no data
🛡️ AWS GuardDuty is not enabled in all regions🟢	1	🟢 x6	no data
🛡️ AWS IAM Policy allows full administrative privileges🟢	1	🟢 x6	no data
🛡️ AWS IAM User has inline or directly attached policies🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS IAM User with credentials unused for 45 days or more is not disabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance Auto Minor Version Upgrade is not enabled🟠🟢	1	🟠 x1, 🟢 x6	no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS Security Hub is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Flow Logs are not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Azure App Service does not run the latest Java version🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure App Service does not run the latest PHP version🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure App Service does not run the latest Python version🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure Diagnostic Setting captures Administrative, Alert, Policy, and Security categories🟢	1	🟢 x6	no data
🛡️ Azure Diagnostic Setting for Azure Key Vault is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure Network Security Group Flow Logs retention period is less than 90 days🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_connections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing is not enabled🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢	1	🟢 x6	no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update SQL Server Firewall Rule does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Security Solution does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete SQL Server Firewall Rule does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Security Alert Notifications additional email address is not configured🟢	1	🟢 x6	no data
🛡️ Azure Subscription Security Alert Notifications for alerts with High or Critical severity are not configured🟢	1	🟢 x6	no data
🛡️ Azure Subscription Security Alert Notifications to subscription owners are not configured🟢	1	🟢 x6	no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢	1	🟢 x6	no data
🛡️ Google Cloud Audit Logging is not configured properly🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance `Log_error_verbosity` Database Flag is not set to DEFAULT or stricter🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately🟢	1	🟢 x6	no data
🛡️ Google GCE Firewall Rule logging is disabled🟢	1	🟢 x6	no data
🛡️ Google GCE Instance OS Login is not enabled🟢	1	🟢 x6	no data
🛡️ Google HTTP(S) Load Balancer Logging is not enabled🟢	1	🟢 x6	no data
🛡️ Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist🟢	1	🟢 x6	no data
🛡️ Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist🟢	1	🟢 x6	no data
🛡️ Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist🟢	1	🟢 x6	no data
🛡️ Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist🟢	1	🟢 x6	no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist🟢	1	🟢 x6	no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist🟢	1	🟢 x6	no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist🟢	1	🟢 x6	no data
🛡️ Google Logging Log Sink for All Log Entries is not configured🟢	1	🟢 x6	no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (85)​

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (85)