💼 ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained

• Contextual name: 💼 ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained
• ID: /frameworks/nist-csf-v2.0/id-am/03
• Located in: 💼 Asset Management (ID.AM)

Description

1. Maintain baselines of communication and data flows within the organization's wired and wireless networks
2. Maintain baselines of communication and data flows between the organization and third parties
3. Maintain baselines of communication and data flows for the organization's infrastructure-as-a-service (IaaS) usage
4. Maintain documentation of expected network ports, protocols, and services that are typically used among authorized systems

Similar

• Sections
  • /frameworks/nist-csf-v1.1/id-am/03
  • /frameworks/nist-csf-v1.1/de-ae/01
  • /frameworks/nist-sp-800-53-r5/ac/04
  • /frameworks/nist-sp-800-53-r5/ca/03
  • /frameworks/nist-sp-800-53-r5/ca/09
  • /frameworks/nist-sp-800-53-r5/pl/02
  • /frameworks/nist-sp-800-53-r5/pl/08
  • /frameworks/nist-sp-800-53-r5/pm/07

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed		10	11
💼 NIST CSF v1.1 → 💼 ID.AM-3: Organizational communication and data flows are mapped		3	3
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	61	73
💼 NIST SP 800-53 Revision 5 → 💼 CA-3 Information Exchange	7
💼 NIST SP 800-53 Revision 5 → 💼 CA-9 Internal System Connections	1		15
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans	3
💼 NIST SP 800-53 Revision 5 → 💼 PL-8 Security and Privacy Architectures	2
💼 NIST SP 800-53 Revision 5 → 💼 PM-7 Enterprise Architecture	1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (31)

Policy	Logic Count	Flags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway API Route Authorization Type is not configured 🟢	1	🟢 x6
📝 AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication 🟢	1	🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢	1	🟢 x6
📝 AWS EC2 Default Security Group does not restrict all traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted CIFS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted FTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted RPC traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted SMTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MySQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted Telnet traffic 🟢	1	🟢 x6
📝 AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟢	1	🟢 x6
📝 AWS RDS Instance uses default endpoint port 🟢	1	🟢 x6
📝 AWS RDS Snapshot is publicly accessible 🟢	1	🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6
📝 AWS S3 Bucket Versioning is not enabled 🟢	1	🟢 x6
📝 Azure App Service Authentication is disabled and Basic Authentication is enabled 🟢	1	🟢 x6
📝 Azure App Service Basic Authentication is enabled 🟢		🟢 x3
📝 Azure App Service HTTPS Only configuration is not enabled 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure SQL Server Auditing is not enabled 🟢	1	🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢	1	🟢 x6
📝 Azure Storage Account Secure Transfer Required is not enabled 🟢	1	🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Subscription Network Watcher is not enabled in every available region 🟢	1	🔴 x1, 🟢 x5