💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties

Contextual name: 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
ID: /frameworks/nist-csf-v2.0/id-im/02
Located in: 💼 Improvement (ID.IM)

Description

Identify improvements for future incident response activities based on findings from incident response assessments (e.g., tabletop exercises and simulations, tests, internal reviews, independent audits)
Identify improvements for future business continuity, disaster recovery, and incident response activities based on exercises performed in coordination with critical service providers and product suppliers
Involve internal stakeholders (e.g., senior executives, legal department, HR) in security tests and exercises as appropriate
Perform penetration testing to identify opportunities to improve the security posture of selected high-risk systems as approved by leadership
Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt
Collect and analyze performance metrics using security tools and services to inform improvements to the cybersecurity program

Similar

Sections
- /frameworks/nist-csf-v1.1/id-sc/05
- /frameworks/nist-csf-v1.1/pr-ip/10
- /frameworks/nist-csf-v1.1/de-dp/03
- /frameworks/nist-sp-800-53-r5/ac/01
- /frameworks/nist-sp-800-53-r5/at/01
- /frameworks/nist-sp-800-53-r5/au/01
- /frameworks/nist-sp-800-53-r5/ca/01
- /frameworks/nist-sp-800-53-r5/cm/01
- /frameworks/nist-sp-800-53-r5/cp/01
- /frameworks/nist-sp-800-53-r5/ia/01
- /frameworks/nist-sp-800-53-r5/ir/01
- /frameworks/nist-sp-800-53-r5/ma/01
- /frameworks/nist-sp-800-53-r5/mp/01
- /frameworks/nist-sp-800-53-r5/pe/01
- /frameworks/nist-sp-800-53-r5/pl/01
- /frameworks/nist-sp-800-53-r5/pm/01
- /frameworks/nist-sp-800-53-r5/ps/01
- /frameworks/nist-sp-800-53-r5/pt/01
- /frameworks/nist-sp-800-53-r5/ra/01
- /frameworks/nist-sp-800-53-r5/sa/01
- /frameworks/nist-sp-800-53-r5/sc/01
- /frameworks/nist-sp-800-53-r5/si/01
- /frameworks/nist-sp-800-53-r5/sr/01
- /frameworks/nist-sp-800-53-r5/ca/02
- /frameworks/nist-sp-800-53-r5/ca/05
- /frameworks/nist-sp-800-53-r5/ca/07
- /frameworks/nist-sp-800-53-r5/ca/08
- /frameworks/nist-sp-800-53-r5/cp/02
- /frameworks/nist-sp-800-53-r5/cp/04
- /frameworks/nist-sp-800-53-r5/ir/03
- /frameworks/nist-sp-800-53-r5/ir/04
- /frameworks/nist-sp-800-53-r5/ir/08
- /frameworks/nist-sp-800-53-r5/pl/02
- /frameworks/nist-sp-800-53-r5/ra/03
- /frameworks/nist-sp-800-53-r5/ra/05
- /frameworks/nist-sp-800-53-r5/ra/07
- /frameworks/nist-sp-800-53-r5/sa/08
- /frameworks/nist-sp-800-53-r5/sa/11
- /frameworks/nist-sp-800-53-r5/si/02
- /frameworks/nist-sp-800-53-r5/si/04
- /frameworks/nist-sp-800-53-r5/sr/05

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies
💼 NIST CSF v1.1 → 💼 DE.DP-3: Detection processes are tested		14	14
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers		1	1
💼 NIST CSF v1.1 → 💼 PR.IP-10: Response and recovery plans are tested		1	1
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-2 Control Assessments	3
💼 NIST SP 800-53 Revision 5 → 💼 CA-5 Plan of Action and Milestones	1
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		8
💼 NIST SP 800-53 Revision 5 → 💼 CA-8 Penetration Testing	3
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-2 Contingency Plan	8		1
💼 NIST SP 800-53 Revision 5 → 💼 CP-4 Contingency Plan Testing	5
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-3 Incident Response Testing	3
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling	15
💼 NIST SP 800-53 Revision 5 → 💼 IR-8 Incident Response Plan	1
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans	3
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment	4
💼 NIST SP 800-53 Revision 5 → 💼 RA-5 Vulnerability Monitoring and Scanning	11
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SA-8 Security and Privacy Engineering Principles	33		1
💼 NIST SP 800-53 Revision 5 → 💼 SA-11 Developer Testing and Evaluation	9
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation	6	5	6
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring	25	2	6
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods	2

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (23)

Policy	Logic Count	Flags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway API Access Logging in CloudWatch is not enabled 🟢	1	🟠 x1, 🟢 x5
📝 AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢	1	🟢 x6
📝 AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟢	1	🟢 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟢	1	🟠 x1, 🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢	1	🟢 x6
📝 AWS S3 Bucket Versioning is not enabled 🟢	1	🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢	1	🟠 x1, 🟢 x5
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure SQL Server Auditing is not enabled 🟢	1	🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢	1	🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For App Services is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Containers is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Key Vault is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Servers is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Storage is not set to On 🟢	1	🟢 x6

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (23)​

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (23)