💼 ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained
- ID:
/frameworks/nist-csf-v2.0/id-am/02
Description
- Maintain inventories for all types of software and services, including commercial-off-the-shelf, open-source, custom applications, API services, and cloud-based applications and services
- Constantly monitor all platforms, including containers and virtual machines, for software and service inventory changes
- Maintain an inventory of the organization's systems
Similar
- Sections
/frameworks/nist-csf-v1.1/id-am/02/frameworks/nist-sp-800-53-r5/ac/20/frameworks/nist-sp-800-53-r5/cm/08/frameworks/nist-sp-800-53-r5/pm/05/frameworks/nist-sp-800-53-r5/sa/05/frameworks/nist-sp-800-53-r5/sa/09
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.AM-2: Software platforms and applications within the organization are inventoried | 5 | 7 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-20 Use of External Systems | 5 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 CM-8 System Component Inventory | 9 | 5 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-5 System Inventory | 1 | 1 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SA-5 System Documentation | 5 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services | 8 | 1 | 1 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (9)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS Account Config is not enabled in all regions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS RDS Instance Auto Minor Version Upgrade is not enabled🟠🟢 | 1 | 🟠 x1, 🟢 x6 | no data |
| 🛡️ Azure App Service does not run the latest Java version🟢⚪ | 🟢 x2, ⚪ x1 | no data | |
| 🛡️ Azure App Service does not run the latest PHP version🟢⚪ | 🟢 x2, ⚪ x1 | no data | |
| 🛡️ Azure App Service does not run the latest Python version🟢⚪ | 🟢 x2, ⚪ x1 | no data | |
| 🛡️ Google Cloud Asset Inventory API is not enabled🟢 | 1 | 🟢 x6 | no data |