💼 ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained

ID: /frameworks/nist-csf-v2.0/id-am/03

Description

Maintain baselines of communication and data flows within the organization's wired and wireless networks
Maintain baselines of communication and data flows between the organization and third parties
Maintain baselines of communication and data flows for the organization's infrastructure-as-a-service (IaaS) usage
Maintain documentation of expected network ports, protocols, and services that are typically used among authorized systems

Similar

Sections
- /frameworks/nist-csf-v1.1/id-am/03
- /frameworks/nist-csf-v1.1/de-ae/01
- /frameworks/nist-sp-800-53-r5/ac/04
- /frameworks/nist-sp-800-53-r5/ca/03
- /frameworks/nist-sp-800-53-r5/ca/09
- /frameworks/nist-sp-800-53-r5/pl/02
- /frameworks/nist-sp-800-53-r5/pl/08
- /frameworks/nist-sp-800-53-r5/pm/07

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 NIST CSF v1.1 → 💼 DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed		10	34	no data
💼 NIST CSF v1.1 → 💼 ID.AM-3: Organizational communication and data flows are mapped		4	8	no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	68	91	no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-3 Information Exchange	7			no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-9 Internal System Connections	1		26	no data
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans	3			no data
💼 NIST SP 800-53 Revision 5 → 💼 PL-8 Security and Privacy Architectures	2		3	no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-7 Enterprise Architecture	1			no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (69)

Policy	Logic Count	Flags	Compliance
🛡️ AWS API Gateway API Route Authorization Type is not configured🟢	1	🟢 x6	no data
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail Log File Validation is not enabled🟢	1	🟢 x6	no data
🛡️ AWS DMS Endpoint doesn't use SSL🟢	1	🟢 x6	no data
🛡️ AWS DMS Replication Instance is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS EBS Snapshot is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances🟢	1	🟢 x6	no data
🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Instance with an auto-assigned public IP address is in a default subnet🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted Telnet traffic🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance is publicly accessible and in an unrestricted public subnet🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance uses default endpoint port🟢	1	🟢 x6	no data
🛡️ AWS RDS Snapshot is publicly accessible🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket is not configured to block public access🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Versioning is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service🟢	1	🟢 x6	no data
🛡️ AWS VPC Subnet Map Public IP On Launch is enabled🟢	1	🟢 x6	no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢	1	🟢 x6	no data
🛡️ Azure App Service Basic Authentication is enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure App Service HTTPS Only configuration is not enabled🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing is not enabled🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Secure Transfer Required is not enabled🟢	1	🟢 x6	no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Subscription Network Watcher is not enabled in every available region🟢	1	🟢 x6	no data
🛡️ Google API Key is not restricted for unused APIs🟢	1	🟢 x6	no data
🛡️ Google API Key is not rotated every 90 days🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance SSL Connections are not enforced🟢	1	🟢 x6	no data
🛡️ Google GCE Firewall Rule logging is disabled🟢	1	🟢 x6	no data
🛡️ Google GCE Instance has a public IP address🟢	1	🟢 x6	no data
🛡️ Google GCE Instance IP Forwarding is not disabled.🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted CiscoSecure/WebSM traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted DNS traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted FTP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted HTTP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted LDAP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted NetBIOS traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted POP3 traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted SMTP traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted SSH traffic🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Cassandra🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Directory services"🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Elasticsearch🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Memcached🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to MongoDB🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to MySQL🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to OracleDB🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to PostgreSQL🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted traffic to Redis🟢	1	🟢 x6	no data
🛡️ Google GCE Network allows unrestricted Telnet traffic🟢	1	🟢 x6	no data
🛡️ Google GKE Cluster Network policy is disabled.🟢	1	🟢 x6	no data
🛡️ Google Project has API Keys🟢	1	🟠 x1, 🟢 x5	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (69)​

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (69)