Skip to main content

💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties

  • Contextual name: 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
  • ID: /frameworks/nist-csf-v2.0/id-im/02
  • Located in: 💼 Improvement (ID.IM)

Description

  1. Identify improvements for future incident response activities based on findings from incident response assessments (e.g., tabletop exercises and simulations, tests, internal reviews, independent audits)
  2. Identify improvements for future business continuity, disaster recovery, and incident response activities based on exercises performed in coordination with critical service providers and product suppliers
  3. Involve internal stakeholders (e.g., senior executives, legal department, HR) in security tests and exercises as appropriate
  4. Perform penetration testing to identify opportunities to improve the security posture of selected high-risk systems as approved by leadership
  5. Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt
  6. Collect and analyze performance metrics using security tools and services to inform improvements to the cybersecurity program

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-sc/05
    • /frameworks/nist-csf-v1.1/pr-ip/10
    • /frameworks/nist-csf-v1.1/de-dp/03
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01
    • /frameworks/nist-sp-800-53-r5/ca/02
    • /frameworks/nist-sp-800-53-r5/ca/05
    • /frameworks/nist-sp-800-53-r5/ca/07
    • /frameworks/nist-sp-800-53-r5/ca/08
    • /frameworks/nist-sp-800-53-r5/cp/02
    • /frameworks/nist-sp-800-53-r5/cp/04
    • /frameworks/nist-sp-800-53-r5/ir/03
    • /frameworks/nist-sp-800-53-r5/ir/04
    • /frameworks/nist-sp-800-53-r5/ir/08
    • /frameworks/nist-sp-800-53-r5/pl/02
    • /frameworks/nist-sp-800-53-r5/ra/03
    • /frameworks/nist-sp-800-53-r5/ra/05
    • /frameworks/nist-sp-800-53-r5/ra/07
    • /frameworks/nist-sp-800-53-r5/sa/08
    • /frameworks/nist-sp-800-53-r5/sa/11
    • /frameworks/nist-sp-800-53-r5/si/02
    • /frameworks/nist-sp-800-53-r5/si/04
    • /frameworks/nist-sp-800-53-r5/sr/05

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 DE.DP-3: Detection processes are tested1313
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers11
💼 NIST CSF v1.1 → 💼 PR.IP-10: Response and recovery plans are tested11
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-2 Control Assessments3
💼 NIST SP 800-53 Revision 5 → 💼 CA-5 Plan of Action and Milestones1
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring610
💼 NIST SP 800-53 Revision 5 → 💼 CA-8 Penetration Testing3
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures3
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-2 Contingency Plan82
💼 NIST SP 800-53 Revision 5 → 💼 CP-4 Contingency Plan Testing5
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-3 Incident Response Testing3
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling15
💼 NIST SP 800-53 Revision 5 → 💼 IR-8 Incident Response Plan1
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans3
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment4
💼 NIST SP 800-53 Revision 5 → 💼 RA-5 Vulnerability Monitoring and Scanning11
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SA-8 Security and Privacy Engineering Principles337
💼 NIST SP 800-53 Revision 5 → 💼 SA-11 Developer Testing and Evaluation9
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation667
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring2518
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods2

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (33)

PolicyLogic CountFlags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢1🟢 x6
📝 AWS API Gateway API Access Logging in CloudWatch is not enabled 🟢1🟠 x1, 🟢 x5
📝 AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟢1🟢 x6
📝 AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟢1🟢 x6
📝 AWS CloudFront Distribution Logging is not enabled 🟢1🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢1🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢1🟢 x6
📝 AWS DMS Migration Task Logging is not enabled 🟢1🟢 x6
📝 AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled 🟢1🟢 x6
📝 AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟢1🟢 x6
📝 AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟢1🟠 x1, 🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢1🟢 x6
📝 AWS S3 Bucket Versioning is not enabled 🟢1🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢1🟠 x1, 🟢 x5
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢1🟢 x6
📝 Azure SQL Server Auditing is not enabled 🟢1🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢1🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For App Services is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Containers is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Key Vault is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Servers is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟢1🟢 x6
📝 Azure Subscription Microsoft Defender For Storage is not set to On 🟢1🟢 x6
📝 Google API Key is not restricted for unused APIs 🟢1🟢 x6
📝 Google API Key is not rotated every 90 days 🟢1🟢 x6
📝 Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢1🟢 x6
📝 Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢1🟢 x6
📝 Google Cloud SQL Server Instance user options Database Flag is configured 🟢1🟢 x6
📝 Google GCE Subnetwork Flow Logs are not enabled 🟢1🟢 x6
📝 Google Project has API Keys 🟢1🟠 x1, 🟢 x5