πΌ ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained
- Contextual name: πΌ ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained
- ID:
/frameworks/nist-csf-v2.0/id-am/02 - Located in: πΌ Asset Management (ID.AM)
Descriptionβ
- Maintain inventories for all types of software and services, including commercial-off-the-shelf, open-source, custom applications, API services, and cloud-based applications and services
- Constantly monitor all platforms, including containers and virtual machines, for software and service inventory changes
- Maintain an inventory of the organization's systems
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-am/02/frameworks/nist-sp-800-53-r5/ac/20/frameworks/nist-sp-800-53-r5/cm/08/frameworks/nist-sp-800-53-r5/pm/05/frameworks/nist-sp-800-53-r5/sa/05/frameworks/nist-sp-800-53-r5/sa/09
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.AM-2: Software platforms and applications within the organization are inventoried | 4 | 6 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-20 Use of External Systems | 5 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ CM-8 System Component Inventory | 9 | 1 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-5 System Inventory | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SA-5 System Documentation | 5 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SA-9 External System Services | 8 | 1 | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (7)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Config is not enabled in all regions π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports π’ | 1 | π’ x6 |
| π AWS RDS Instance Auto Minor Version Upgrade is not enabled π π’ | 1 | π x1, π’ x6 |
| π Azure App Service does not run the latest Java version π’ | π’ x3 | |
| π Azure App Service does not run the latest PHP version π’ | π’ x3 | |
| π Azure App Service does not run the latest Python version π’ | π’ x3 |