
💼 PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk

  • ID: /frameworks/nist-csf-v2.0/pr-aa/06

Description

  1. Use security guards, security cameras, locked entrances, alarm systems, and other physical controls to monitor facilities and restrict access
  2. Employ additional physical security controls for areas that contain high-risk assets
  3. Escort guests, vendors, and other third parties within areas that contain business-critical assets

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/pr-ac/02
    • /frameworks/nist-csf-v1.1/pr-pt/04
    • /frameworks/nist-sp-800-53-r5/pe/02
    • /frameworks/nist-sp-800-53-r5/pe/03
    • /frameworks/nist-sp-800-53-r5/pe/04
    • /frameworks/nist-sp-800-53-r5/pe/05
    • /frameworks/nist-sp-800-53-r5/pe/06
    • /frameworks/nist-sp-800-53-r5/pe/08
    • /frameworks/nist-sp-800-53-r5/pe/18
    • /frameworks/nist-sp-800-53-r5/pe/19
    • /frameworks/nist-sp-800-53-r5/pe/20

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 NIST CSF v1.1 → 💼 PR.AC-2: Physical access to assets is managed and protected | | | | | no data
💼 NIST CSF v1.1 → 💼 PR.PT-4: Communications and control networks are protected | | 10 | 22 | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-2 Physical Access Authorizations | 3 | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-3 Physical Access Control | 8 | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-4 Access Control for Transmission | | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-5 Access Control for Output Devices | 3 | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-6 Monitoring Physical Access | 4 | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-8 Visitor Access Records | 3 | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-18 Location of System Components | 1 | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-19 Information Leakage | 1 | | | | no data
💼 NIST SP 800-53 Revision 5 → 💼 PE-20 Asset Monitoring and Tracking | | | | | no data

Sub Sections

(none)

Policies (22)

Policy | Logic Count | Flags | Compliance
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic | 🟢 1 | 🟢 x6 | no data
🛡️ AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins | 🟢 1 | 🟢 x6 | no data
🛡️ AWS DMS Endpoint doesn't use SSL | 🟢 1 | 🟢 x6 | no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports | 🟢 1 | 🟢 x6 | no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports | 🟢 1 | 🟢 x6 | no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB | 🟢 1 | 🟢 x6 | no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS | 🟢 1 | 🟢 x6 | no data
🛡️ AWS S3 Bucket is not configured to block public access | 🟢 1 | 🟢 x6 | no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests | 🟢 1 | 🟢 x6 | no data
🛡️ Azure App Service FTP deployments are not disabled | 🟢 1 | 🟢 x6 | no data
🛡️ Azure App Service HTTPS Only configuration is not enabled | 🟢 1 | 🟢 x6 | no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON | 🟢 1 | 🟢 x6 | no data
🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON | 🟢 1 | 🟢 x6 | no data
🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled | 🟢 1 | 🟢 x6 | no data
🛡️ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled | 🟢 1 | 🟢 x6 | no data
🛡️ Azure Storage Account Secure Transfer Required is not enabled | 🟢 1 | 🟢 x6 | no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible | 🟢 1 | 🟢 x6 | no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses | 🟢 1 | 🟢 x6 | no data
🛡️ Google GCE Instance has a public IP address | 🟢 1 | 🟢 x6 | no data
🛡️ Google GCE Network has Firewall Rules which allow unrestricted SSH access from the Internet | 🟢 1 | 🟢 x6 | no data
🛡️ Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites | 🟢 ⚪ | 🟢 x2, ⚪ x1 | no data
🛡️ Google Storage Bucket is anonymously or publicly accessible | 🟢 1 | 🟢 x6 | no data
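The four EC2 security-group policies in the list above (public IPv4 and IPv6 access to admin ports, unrestricted traffic to MongoDB and Oracle) are stated only by title. The following is an added example, not the repository's own policy logic, showing how such checks evaluate `aws ec2 describe-security-groups`-style records: the security groups are constructed sample data, and the admin-port set (22, 3389) and database listener ports (27017, 1521) are assumptions, since the page does not define them.

```python
# Added example, not the repository's own policy logic: a minimal evaluator for
# the four EC2 security-group policies listed above. Records follow the shape
# of `aws ec2 describe-security-groups` output; the groups are constructed
# sample data, and the admin/database port sets are assumptions.

ADMIN_PORTS = {22, 3389}                             # SSH, RDP (assumed)
DB_PORTS = {"MongoDB": 27017, "Oracle DBMS": 1521}   # default listener ports
PUBLIC_V4 = "0.0.0.0/0"
PUBLIC_V6 = "::/0"

# Constructed sample: describe-security-groups style records.
SAMPLE_SGS = [
    {"GroupId": "sg-0a1", "IpPermissions": [          # SSH open to the world
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": PUBLIC_V4}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0b2", "IpPermissions": [          # MongoDB open over IPv6
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": PUBLIC_V6}]}]},
    {"GroupId": "sg-0c3", "IpPermissions": [          # all protocols, all ports
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": PUBLIC_V4}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0d4", "IpPermissions": [          # compliant: 443 public, 22 internal
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": PUBLIC_V4}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]


def tcp_port_range(perm):
    """Return the (low, high) TCP port range a rule opens, or None if the rule
    is not TCP. IpProtocol "-1" means every protocol and every port, which is
    the case a naive port-equality check misses."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return 0, 65535
    if proto not in ("tcp", "6"):
        return None
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def public_sources(perm):
    """Source CIDRs of a rule that are the unrestricted IPv4 or IPv6 range."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == PUBLIC_V4]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == PUBLIC_V6]
    return v4 + v6


def evaluate(groups):
    """One (group id, policy title, source cidr) finding per violated policy."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            rng = tcp_port_range(perm)
            if rng is None:
                continue
            low, high = rng
            for src in public_sources(perm):
                family = "IPv4 (0.0.0.0/0)" if src == PUBLIC_V4 else "IPv6 (::/0)"
                for port in sorted(ADMIN_PORTS):
                    if low <= port <= high:
                        findings.append((sg["GroupId"],
                                         f"allows public {family} access to admin port {port}", src))
                for name, port in DB_PORTS.items():
                    if low <= port <= high:
                        findings.append((sg["GroupId"],
                                         f"allows unrestricted traffic to {name}", src))
    return findings


if __name__ == "__main__":
    for group_id, title, src in evaluate(SAMPLE_SGS):
        print(f"{group_id}: {title} from {src}")
```

Note that a rule with `IpProtocol` `-1` (all traffic) trips every one of the four policies at once, while a rule scoped to an internal CIDR on the same port produces no finding; an evaluator that compares `FromPort` to a fixed port number without handling the all-protocols case would miss the first group.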