💼 ID.IM-01: Improvements are identified from evaluations

Contextual name: 💼 ID.IM-01: Improvements are identified from evaluations
ID: /frameworks/nist-csf-v2.0/id-im/01
Located in: 💼 Improvement (ID.IM)

Description

Perform self-assessments of critical services that take current threats and TTPs into consideration
Invest in third-party assessments or independent audits of the effectiveness of the organization's cybersecurity program to identify areas that need improvement
Constantly evaluate compliance with selected cybersecurity requirements through automated means

Similar

Sections
- /frameworks/nist-sp-800-53-r5/ac/01
- /frameworks/nist-sp-800-53-r5/at/01
- /frameworks/nist-sp-800-53-r5/au/01
- /frameworks/nist-sp-800-53-r5/ca/01
- /frameworks/nist-sp-800-53-r5/cm/01
- /frameworks/nist-sp-800-53-r5/cp/01
- /frameworks/nist-sp-800-53-r5/ia/01
- /frameworks/nist-sp-800-53-r5/ir/01
- /frameworks/nist-sp-800-53-r5/ma/01
- /frameworks/nist-sp-800-53-r5/mp/01
- /frameworks/nist-sp-800-53-r5/pe/01
- /frameworks/nist-sp-800-53-r5/pl/01
- /frameworks/nist-sp-800-53-r5/pm/01
- /frameworks/nist-sp-800-53-r5/ps/01
- /frameworks/nist-sp-800-53-r5/pt/01
- /frameworks/nist-sp-800-53-r5/ra/01
- /frameworks/nist-sp-800-53-r5/sa/01
- /frameworks/nist-sp-800-53-r5/sc/01
- /frameworks/nist-sp-800-53-r5/si/01
- /frameworks/nist-sp-800-53-r5/sr/01
- /frameworks/nist-sp-800-53-r5/ca/02
- /frameworks/nist-sp-800-53-r5/ca/05
- /frameworks/nist-sp-800-53-r5/ca/07
- /frameworks/nist-sp-800-53-r5/ca/08
- /frameworks/nist-sp-800-53-r5/cp/02
- /frameworks/nist-sp-800-53-r5/ir/04
- /frameworks/nist-sp-800-53-r5/ir/08
- /frameworks/nist-sp-800-53-r5/pl/02
- /frameworks/nist-sp-800-53-r5/ra/03
- /frameworks/nist-sp-800-53-r5/ra/05
- /frameworks/nist-sp-800-53-r5/ra/07
- /frameworks/nist-sp-800-53-r5/sa/08
- /frameworks/nist-sp-800-53-r5/sa/11
- /frameworks/nist-sp-800-53-r5/sa/17/06
- /frameworks/nist-sp-800-53-r5/si/02
- /frameworks/nist-sp-800-53-r5/si/04
- /frameworks/nist-sp-800-53-r5/sr/05

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-2 Control Assessments	3
💼 NIST SP 800-53 Revision 5 → 💼 CA-5 Plan of Action and Milestones	1
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		10
💼 NIST SP 800-53 Revision 5 → 💼 CA-8 Penetration Testing	3
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures			3
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-2 Contingency Plan	8		2
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling	15
💼 NIST SP 800-53 Revision 5 → 💼 IR-8 Incident Response Plan	1
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans	3
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment	4
💼 NIST SP 800-53 Revision 5 → 💼 RA-5 Vulnerability Monitoring and Scanning	11
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SA-8 Security and Privacy Engineering Principles	33		7
💼 NIST SP 800-53 Revision 5 → 💼 SA-11 Developer Testing and Evaluation	9
💼 NIST SP 800-53 Revision 5 → 💼 SA-17(6) Developer Security and Privacy Architecture and Design _ Structure for Testing
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation	6	6	7
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring	25	1	8
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods	2

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (20)

Policy	Logic Count	Flags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway API Access Logging in CloudWatch is not enabled 🟢	1	🟠 x1, 🟢 x5
📝 AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟢	1	🟢 x6
📝 AWS CloudFront Distribution Logging is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢	1	🟢 x6
📝 AWS DMS Migration Task Logging is not enabled 🟢	1	🟢 x6
📝 AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled 🟢	1	🟢 x6
📝 AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟢	1	🟢 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟢	1	🟠 x1, 🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢	1	🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢	1	🟠 x1, 🟢 x5
📝 Google API Key is not restricted for unused APIs 🟢	1	🟢 x6
📝 Google API Key is not rotated every 90 days 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user options Database Flag is configured 🟢	1	🟢 x6
📝 Google GCE Subnetwork Flow Logs are not enabled 🟢	1	🟢 x6
📝 Google Project has API Keys 🟢	1	🟠 x1, 🟢 x5

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (20)​

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (20)