Skip to main content

πŸ’Ό ID.IM-01: Improvements are identified from evaluations

  • Contextual name: πŸ’Ό ID.IM-01: Improvements are identified from evaluations
  • ID: /frameworks/nist-csf-v2.0/id-im/01
  • Located in: πŸ’Ό Improvement (ID.IM)

Description​

  1. Perform self-assessments of critical services that take current threats and TTPs into consideration
  2. Invest in third-party assessments or independent audits of the effectiveness of the organization's cybersecurity program to identify areas that need improvement
  3. Constantly evaluate compliance with selected cybersecurity requirements through automated means

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01
    • /frameworks/nist-sp-800-53-r5/ca/02
    • /frameworks/nist-sp-800-53-r5/ca/05
    • /frameworks/nist-sp-800-53-r5/ca/07
    • /frameworks/nist-sp-800-53-r5/ca/08
    • /frameworks/nist-sp-800-53-r5/cp/02
    • /frameworks/nist-sp-800-53-r5/ir/04
    • /frameworks/nist-sp-800-53-r5/ir/08
    • /frameworks/nist-sp-800-53-r5/pl/02
    • /frameworks/nist-sp-800-53-r5/ra/03
    • /frameworks/nist-sp-800-53-r5/ra/05
    • /frameworks/nist-sp-800-53-r5/ra/07
    • /frameworks/nist-sp-800-53-r5/sa/08
    • /frameworks/nist-sp-800-53-r5/sa/11
    • /frameworks/nist-sp-800-53-r5/sa/17/06
    • /frameworks/nist-sp-800-53-r5/si/02
    • /frameworks/nist-sp-800-53-r5/si/04
    • /frameworks/nist-sp-800-53-r5/sr/05

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AT-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-2 Control Assessments3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-5 Plan of Action and Milestones1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-7 Continuous Monitoring68
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-8 Penetration Testing3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CM-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CP-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CP-2 Contingency Plan81
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-4 Incident Handling15
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-8 Incident Response Plan1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό MA-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό MP-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PE-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PL-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PL-2 System Security and Privacy Plans3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PM-1 Information Security Program Plan
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PS-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PT-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό RA-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό RA-3 Risk Assessment4
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό RA-5 Vulnerability Monitoring and Scanning11
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό RA-7 Risk Response
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SA-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SA-8 Security and Privacy Engineering Principles331
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SA-11 Developer Testing and Evaluation9
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SA-17(6) Developer Security and Privacy Architecture and Design _ Structure for Testing
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-2 Flaw Remediation656
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-4 System Monitoring2526
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SR-1 Policy and Procedures
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SR-5 Acquisition Strategies, Tools, and Methods2

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (10)​

PolicyLogic CountFlags
πŸ“ AWS Account Multi-Region CloudTrail is not enabled 🟒1🟒 x6
πŸ“ AWS API Gateway API Access Logging in CloudWatch is not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟒1🟒 x6
πŸ“ AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟒1🟒 x6
πŸ“ AWS CloudTrail Log File Validation is not enabled 🟒1🟒 x6
πŸ“ AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟒1🟒 x6
πŸ“ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟒1🟒 x6
πŸ“ AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟒1🟠 x1, 🟒 x6
πŸ“ AWS S3 Bucket Server Access Logging is not enabled 🟒1🟒 x6
πŸ“ AWS VPC Flow Logs are not enabled 🟒1🟠 x1, 🟒 x5