Skip to main content

💼 ID.IM-01: Improvements are identified from evaluations

  • ID: /frameworks/nist-csf-v2.0/id-im/01

Stats

not available

Description

  1. Perform self-assessments of critical services that take current threats and TTPs into consideration
  2. Invest in third-party assessments or independent audits of the effectiveness of the organization's cybersecurity program to identify areas that need improvement
  3. Constantly evaluate compliance with selected cybersecurity requirements through automated means

Similar

  • Sections
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01
    • /frameworks/nist-sp-800-53-r5/ca/02
    • /frameworks/nist-sp-800-53-r5/ca/05
    • /frameworks/nist-sp-800-53-r5/ca/07
    • /frameworks/nist-sp-800-53-r5/ca/08
    • /frameworks/nist-sp-800-53-r5/cp/02
    • /frameworks/nist-sp-800-53-r5/ir/04
    • /frameworks/nist-sp-800-53-r5/ir/08
    • /frameworks/nist-sp-800-53-r5/pl/02
    • /frameworks/nist-sp-800-53-r5/ra/03
    • /frameworks/nist-sp-800-53-r5/ra/05
    • /frameworks/nist-sp-800-53-r5/ra/07
    • /frameworks/nist-sp-800-53-r5/sa/08
    • /frameworks/nist-sp-800-53-r5/sa/11
    • /frameworks/nist-sp-800-53-r5/sa/17/06
    • /frameworks/nist-sp-800-53-r5/si/02
    • /frameworks/nist-sp-800-53-r5/si/04
    • /frameworks/nist-sp-800-53-r5/sr/05

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 CA-2 Control Assessments3no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-5 Plan of Action and Milestones1no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring628no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-8 Penetration Testing3no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures3no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 CP-2 Contingency Plan83no data
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling151no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-8 Incident Response Plan1no data
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans3no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Planno data
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment41no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-5 Vulnerability Monitoring and Scanning111no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Responseno data
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SA-8 Security and Privacy Engineering Principles338no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-11 Developer Testing and Evaluation91no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-17(6) Developer Security and Privacy Architecture and Design _ Structure for Testingno data
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation6621no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring25118no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods2no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (47)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢1🟢 x6no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢1🟢 x6no data
🛡️ AWS API Gateway REST API Stage X-Ray Tracing is not enabled🟢1🟢 x6no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢1🟢 x6no data
🛡️ AWS CloudTrail Log File Validation is not enabled🟢1🟢 x6no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢1🟢 x6no data
🛡️ AWS CloudTrail Trail is not integrated with CloudWatch Logs🟢1🟠 x1, 🟢 x5no data
🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢1🟢 x6no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢1🟢 x6no data
🛡️ AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled🟢1🟢 x6no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢1🟢 x6no data
🛡️ AWS ECR Repository Manual Scanning is enabled🟢1🟢 x6no data
🛡️ AWS ECS Fargate Service platform version is outdated🟢1🟢 x6no data
🛡️ AWS ECS Task Definition logging is not configured🟢1🟢 x6no data
🛡️ AWS EKS Cluster Logging is not enabled for all control plane logs types🟢1🟢 x6no data
🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟢1🟢 x6no data
🛡️ AWS Elastic Beanstalk Environment does not have managed platform updates enabled🟢1🟢 x6no data
🛡️ AWS ElastiCache Redis Cluster Auto Minor Version Upgrade is not enabled🟢1🟢 x6no data
🛡️ AWS ELB Load Balancer Access Logging is disabled🟢1🟢 x6no data
🛡️ AWS GuardDuty is not enabled in all regions🟢1🟢 x6no data
🛡️ AWS Lambda Function Runtime is deprecated🟢1🟢 x6no data
🛡️ AWS Lambda Function X-Ray Tracing is not enabled🟢1🟢 x6no data
🛡️ AWS MQ ActiveMQ Broker Audit Logging is not enabled🟢1🟢 x6no data
🛡️ AWS OpenSearch Domain audit logging is not enabled🟢1🟢 x6no data
🛡️ AWS OpenSearch Domain error logging is not enabled🟢1🟢 x6no data
🛡️ AWS OpenSearch Domain latest Service Software Update is not installed🟢1🟢 x6no data
🛡️ AWS RDS Cluster Event Subscription for critical events is not configured🟢1🟢 x6no data
🛡️ AWS RDS Cluster required log exports to CloudWatch Logs are not enabled🟢1🟢 x6no data
🛡️ AWS RDS Instance Auto Minor Version Upgrade is not enabled🟠🟢1🟠 x1, 🟢 x6no data
🛡️ AWS RDS Instance database logging is not enabled🟢1🟢 x6no data
🛡️ AWS RDS Instance Enhanced Monitoring is not enabled🟢1🟢 x6no data
🛡️ AWS RDS Instance Event Subscription for critical events is not configured🟢1🟢 x6no data
🛡️ AWS RDS Multi-AZ Cluster Auto Minor Version Upgrade is not enabled🟢1🟢 x6no data
🛡️ AWS RDS Parameter Group Event Subscription for critical events is not configured🟢1🟢 x6no data
🛡️ AWS RDS Security Group Event Subscription for critical events is not configured🟢1🟢 x6no data
🛡️ AWS Redshift Cluster automatic major version upgrade is not enabled🟢1🟢 x6no data
🛡️ AWS Redshift Cluster Audit Logging is not enabled🟢1🟢 x6no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢1🟢 x6no data
🛡️ AWS VPC Flow Logs are not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ Google API Key is not restricted for unused APIs🟢1🟢 x6no data
🛡️ Google API Key is not rotated every 90 days🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢1🟢 x6no data
🛡️ Google GCE Subnetwork Flow Logs are not enabled🟢1🟢 x6no data
🛡️ Google Project has API Keys🟢1🟠 x1, 🟢 x5no data