💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties

ID: /frameworks/nist-csf-v2.0/id-im/02

Stats

not available

Description

Identify improvements for future incident response activities based on findings from incident response assessments (e.g., tabletop exercises and simulations, tests, internal reviews, independent audits)
Identify improvements for future business continuity, disaster recovery, and incident response activities based on exercises performed in coordination with critical service providers and product suppliers
Involve internal stakeholders (e.g., senior executives, legal department, HR) in security tests and exercises as appropriate
Perform penetration testing to identify opportunities to improve the security posture of selected high-risk systems as approved by leadership
Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt
Collect and analyze performance metrics using security tools and services to inform improvements to the cybersecurity program

Similar

Sections
- /frameworks/nist-csf-v1.1/id-sc/05
- /frameworks/nist-csf-v1.1/pr-ip/10
- /frameworks/nist-csf-v1.1/de-dp/03
- /frameworks/nist-sp-800-53-r5/ac/01
- /frameworks/nist-sp-800-53-r5/at/01
- /frameworks/nist-sp-800-53-r5/au/01
- /frameworks/nist-sp-800-53-r5/ca/01
- /frameworks/nist-sp-800-53-r5/cm/01
- /frameworks/nist-sp-800-53-r5/cp/01
- /frameworks/nist-sp-800-53-r5/ia/01
- /frameworks/nist-sp-800-53-r5/ir/01
- /frameworks/nist-sp-800-53-r5/ma/01
- /frameworks/nist-sp-800-53-r5/mp/01
- /frameworks/nist-sp-800-53-r5/pe/01
- /frameworks/nist-sp-800-53-r5/pl/01
- /frameworks/nist-sp-800-53-r5/pm/01
- /frameworks/nist-sp-800-53-r5/ps/01
- /frameworks/nist-sp-800-53-r5/pt/01
- /frameworks/nist-sp-800-53-r5/ra/01
- /frameworks/nist-sp-800-53-r5/sa/01
- /frameworks/nist-sp-800-53-r5/sc/01
- /frameworks/nist-sp-800-53-r5/si/01
- /frameworks/nist-sp-800-53-r5/sr/01
- /frameworks/nist-sp-800-53-r5/ca/02
- /frameworks/nist-sp-800-53-r5/ca/05
- /frameworks/nist-sp-800-53-r5/ca/07
- /frameworks/nist-sp-800-53-r5/ca/08
- /frameworks/nist-sp-800-53-r5/cp/02
- /frameworks/nist-sp-800-53-r5/cp/04
- /frameworks/nist-sp-800-53-r5/ir/03
- /frameworks/nist-sp-800-53-r5/ir/04
- /frameworks/nist-sp-800-53-r5/ir/08
- /frameworks/nist-sp-800-53-r5/pl/02
- /frameworks/nist-sp-800-53-r5/ra/03
- /frameworks/nist-sp-800-53-r5/ra/05
- /frameworks/nist-sp-800-53-r5/ra/07
- /frameworks/nist-sp-800-53-r5/sa/08
- /frameworks/nist-sp-800-53-r5/sa/11
- /frameworks/nist-sp-800-53-r5/si/02
- /frameworks/nist-sp-800-53-r5/si/04
- /frameworks/nist-sp-800-53-r5/sr/05

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 NIST CSF v1.1 → 💼 DE.DP-3: Detection processes are tested		13	14	no data
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers		1	1	no data
💼 NIST CSF v1.1 → 💼 PR.IP-10: Response and recovery plans are tested		2	2	no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-2 Control Assessments	3			no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-5 Plan of Action and Milestones	1			no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		28	no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-8 Penetration Testing	3			no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures			3	no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-2 Contingency Plan	8		3	no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-4 Contingency Plan Testing	5			no data
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-3 Incident Response Testing	3			no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling	15		1	no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-8 Incident Response Plan	1			no data
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans	3			no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan				no data
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment	4		1	no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-5 Vulnerability Monitoring and Scanning	11		1	no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response				no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-8 Security and Privacy Engineering Principles	33		8	no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-11 Developer Testing and Evaluation	9		1	no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation	6	6	21	no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring	25	1	18	no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures				no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods	2			no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (62)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢	1	🟢 x6	no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢	1	🟢 x6	no data
🛡️ AWS API Gateway REST API Stage X-Ray Tracing is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail Log File Validation is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail Trail is not integrated with CloudWatch Logs🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢	1	🟢 x6	no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled🟢	1	🟢 x6	no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢	1	🟢 x6	no data
🛡️ AWS ECR Repository Manual Scanning is enabled🟢	1	🟢 x6	no data
🛡️ AWS ECS Fargate Service platform version is outdated🟢	1	🟢 x6	no data
🛡️ AWS ECS Task Definition logging is not configured🟢	1	🟢 x6	no data
🛡️ AWS EKS Cluster Logging is not enabled for all control plane logs types🟢	1	🟢 x6	no data
🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟢	1	🟢 x6	no data
🛡️ AWS Elastic Beanstalk Environment does not have managed platform updates enabled🟢	1	🟢 x6	no data
🛡️ AWS ElastiCache Redis Cluster Auto Minor Version Upgrade is not enabled🟢	1	🟢 x6	no data
🛡️ AWS ELB Load Balancer Access Logging is disabled🟢	1	🟢 x6	no data
🛡️ AWS GuardDuty is not enabled in all regions🟢	1	🟢 x6	no data
🛡️ AWS Lambda Function Runtime is deprecated🟢	1	🟢 x6	no data
🛡️ AWS Lambda Function X-Ray Tracing is not enabled🟢	1	🟢 x6	no data
🛡️ AWS MQ ActiveMQ Broker Audit Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain audit logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain error logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain latest Service Software Update is not installed🟢	1	🟢 x6	no data
🛡️ AWS RDS Cluster Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Cluster required log exports to CloudWatch Logs are not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance Auto Minor Version Upgrade is not enabled🟠🟢	1	🟠 x1, 🟢 x6	no data
🛡️ AWS RDS Instance database logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance Enhanced Monitoring is not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Multi-AZ Cluster Auto Minor Version Upgrade is not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Parameter Group Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Security Group Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS Redshift Cluster automatic major version upgrade is not enabled🟢	1	🟢 x6	no data
🛡️ AWS Redshift Cluster Audit Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Versioning is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Flow Logs are not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing is not enabled🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢	1	🟢 x6	no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For App Services is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Containers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Key Vault is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Servers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Storage is not set to On🟢	1	🟢 x6	no data
🛡️ Google API Key is not restricted for unused APIs🟢	1	🟢 x6	no data
🛡️ Google API Key is not rotated every 90 days🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢	1	🟢 x6	no data
🛡️ Google GCE Firewall Rule logging is disabled🟢	1	🟢 x6	no data
🛡️ Google GCE Subnetwork Flow Logs are not enabled🟢	1	🟢 x6	no data
🛡️ Google Project has API Keys🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Oracle Storage Bucket versioning is disabled🟢	1	🟢 x6	no data

Stats​

Description​

Similar​

Similar Sections (Take Policies From)​

Sub Sections​

Policies (62)​

Stats

Description

Similar

Similar Sections (Take Policies From)

Sub Sections

Policies (62)