Skip to main content

💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events

  • ID: /frameworks/nist-csf-v2.0/de-cm/09

Description

Ex1: Monitor email, web, file sharing, collaboration services, and other common attack vectors to detect malware, phishing, data leaks and exfiltration, and other adverse events Ex2: Monitor authentication attempts to identify attacks against credentials and unauthorized credential reuse Ex3: Monitor software configurations for deviations from security baselines Ex4: Monitor hardware and software for signs of tampering Ex5: Use technologies with a presence on endpoints to detect cyber health issues (e.g., missing patches, malware infections, unauthorized software), and redirect the endpoints to a remediation environment before access is authorized

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/pr-ds/06
    • /frameworks/nist-csf-v1.1/pr-ds/08
    • /frameworks/nist-csf-v1.1/de-cm/04
    • /frameworks/nist-csf-v1.1/de-cm/05
    • /frameworks/nist-csf-v1.1/de-cm/07
    • /frameworks/nist-sp-800-53-r5/ac/04
    • /frameworks/nist-sp-800-53-r5/ac/09
    • /frameworks/nist-sp-800-53-r5/au/12
    • /frameworks/nist-sp-800-53-r5/ca/07
    • /frameworks/nist-sp-800-53-r5/cm/03
    • /frameworks/nist-sp-800-53-r5/cm/06
    • /frameworks/nist-sp-800-53-r5/cm/10
    • /frameworks/nist-sp-800-53-r5/cm/11
    • /frameworks/nist-sp-800-53-r5/sc/34
    • /frameworks/nist-sp-800-53-r5/sc/35
    • /frameworks/nist-sp-800-53-r5/si/04
    • /frameworks/nist-sp-800-53-r5/si/07

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 DE.CM-4: Malicious code is detected77no data
💼 NIST CSF v1.1 → 💼 DE.CM-5: Unauthorized mobile code is detected1112no data
💼 NIST CSF v1.1 → 💼 DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed1824no data
💼 NIST CSF v1.1 → 💼 PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity2227no data
💼 NIST CSF v1.1 → 💼 PR.DS-8: Integrity checking mechanisms are used to verify hardware integrityno data
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement326891no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-9 Previous Logon Notification4no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation44765no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring613no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-3 Configuration Change Control81725no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-6 Configuration Settings412no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-10 Software Usage Restrictions1no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-11 User-installed Software3no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-34 Non-modifiable Executable Programs3no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-35 External Malicious Code Identificationno data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring25110no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7 Software, Firmware, and Information Integrity171943no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (142)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account Config is not enabled in all regions🟢1🟢 x6no data
🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢1🟢 x6no data
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢1🟢 x6no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢1🟢 x6no data
🛡️ AWS API Gateway API Route Authorization Type is not configured🟢1🟢 x6no data
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢1🟢 x6no data
🛡️ AWS API Gateway REST API Stage X-Ray Tracing is not enabled🟢1🟢 x6no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢1🟢 x6no data
🛡️ AWS CloudTrail AWS Organizations Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Config Configuration Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Configuration Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Disable CMK or Schedule CMK Deletion Events Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail IAM Policy Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Log File Validation is not enabled🟢1🟢 x6no data
🛡️ AWS CloudTrail Management Console Authentication Failures Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Management Console Sign-In without MFA Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Network Access Control Lists Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Network Gateways Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Root Account Usage Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Route Table Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢1🟢 x6no data
🛡️ AWS CloudTrail S3 Bucket Policy Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Security Group Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail Unauthorized API Calls Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudTrail VPC Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢1🟢 x6no data
🛡️ AWS DMS Endpoint doesn't use SSL🟢1🟢 x6no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢1🟢 x6no data
🛡️ AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled🟢1🟢 x6no data
🛡️ AWS DMS Replication Instance is publicly accessible🟢1🟢 x6no data
🛡️ AWS EBS Snapshot is publicly accessible🟢1🟢 x6no data
🛡️ AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances🟢1🟢 x6no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢1🟢 x6no data
🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢1🟢 x6no data
🛡️ AWS EC2 Instance with an auto-assigned public IP address is in a default subnet🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted Telnet traffic🟢1🟢 x6no data
🛡️ AWS EKS Cluster Logging is not enabled for all control plane logs types🟢1🟢 x6no data
🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟢1🟢 x6no data
🛡️ AWS GuardDuty is not enabled in all regions🟢1🟢 x6no data
🛡️ AWS RDS Instance Auto Minor Version Upgrade is not enabled🟠🟢1🟠 x1, 🟢 x6no data
🛡️ AWS RDS Instance is publicly accessible and in an unrestricted public subnet🟢1🟢 x6no data
🛡️ AWS RDS Instance uses default endpoint port🟢1🟢 x6no data
🛡️ AWS RDS Snapshot is publicly accessible🟢1🟢 x6no data
🛡️ AWS S3 Bucket is not configured to block public access🟢1🟢 x6no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢1🟢 x6no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢1🟢 x6no data
🛡️ AWS Security Hub is not enabled🟢1🟢 x6no data
🛡️ AWS VPC Flow Logs are not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service🟢1🟢 x6no data
🛡️ AWS VPC Subnet Map Public IP On Launch is enabled🟢1🟢 x6no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢1🟢 x6no data
🛡️ Azure App Service Basic Authentication is enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service does not run the latest Java version🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service does not run the latest PHP version🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service does not run the latest Python version🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service FTP deployments are not disabled🟢1🟢 x6no data
🛡️ Azure App Service HTTPS Only configuration is not enabled🟢1🟢 x6no data
🛡️ Azure Diagnostic Setting captures Administrative, Alert, Policy, and Security categories🟢1🟢 x6no data
🛡️ Azure Diagnostic Setting for Azure Key Vault is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure Network Security Group Flow Logs retention period is less than 90 days🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server log_connections Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure SQL Server Auditing is not enabled🟢1🟢 x6no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢1🟢 x6no data
🛡️ Azure Storage Account Secure Transfer Required is not enabled🟢1🟢 x6no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢1🟢 x6no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Create or Update SQL Server Firewall Rule does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Delete Security Solution does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Activity Log Alert for Delete SQL Server Firewall Rule does not exist🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For App Services is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Containers is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Key Vault is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Servers is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Storage is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Network Watcher is not enabled in every available region🟢1🟢 x6no data
🛡️ Azure Subscription Security Alert Notifications additional email address is not configured🟢1🟢 x6no data
🛡️ Azure Subscription Security Alert Notifications for alerts with High or Critical severity are not configured🟢1🟢 x6no data
🛡️ Azure Subscription Security Alert Notifications to subscription owners are not configured🟢1🟢 x6no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google Cloud Audit Logging is not configured properly🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC is not enabled🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google Cloud MySQL Instance Local_infile Database Flag is not set to off🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_error_verbosity Database Flag is not set to DEFAULT or stricter🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning🟢1🟢 x6no data
🛡️ Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately🟢1🟢 x6no data
🛡️ Google Cloud SQL Instance SSL Connections are not enforced🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance external scripts enabled Database Flag is not set to off🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance remote access Database Flag is not set to off🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢1🟢 x6no data
🛡️ Google GCE Firewall Rule logging is disabled🟢1🟢 x6no data
🛡️ Google GCE Instance Enable Connecting to Serial Ports is not disabled🟢1🟢 x6no data
🛡️ Google GCE Subnetwork Flow Logs are not enabled🟢1🟢 x6no data
🛡️ Google HTTP(S) Load Balancer Logging is not enabled🟢1🟢 x6no data
🛡️ Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Sink for All Log Entries is not configured🟢1🟢 x6no data
🛡️ Google Project has a default network🟢1🟢 x6no data
🛡️ Google Project has a legacy network🟢1🟢 x6no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢1🟢 x6no data