Skip to main content

πŸ’Ό AC-21 Information Sharing

  • ID: /frameworks/nist-sp-800-53-r5/ac/21

Description​

a. Enable authorized users to determine whether access authorizations assigned to a sharing partner match the information’s access and use restrictions for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and b. Employ [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing and collaboration decisions.

Similar​

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/auto-scaling/05
    • /frameworks/aws-fsbp-v1.0.0/dms/01
    • /frameworks/aws-fsbp-v1.0.0/documentdb/03
    • /frameworks/aws-fsbp-v1.0.0/ec2/01
    • /frameworks/aws-fsbp-v1.0.0/ec2/09
    • /frameworks/aws-fsbp-v1.0.0/ec2/10
    • /frameworks/aws-fsbp-v1.0.0/ec2/15
    • /frameworks/aws-fsbp-v1.0.0/ec2/25
    • /frameworks/aws-fsbp-v1.0.0/ec2/55
    • /frameworks/aws-fsbp-v1.0.0/ec2/56
    • /frameworks/aws-fsbp-v1.0.0/ec2/57
    • /frameworks/aws-fsbp-v1.0.0/ec2/58
    • /frameworks/aws-fsbp-v1.0.0/ec2/60
    • /frameworks/aws-fsbp-v1.0.0/ecs/02
    • /frameworks/aws-fsbp-v1.0.0/eks/01
    • /frameworks/aws-fsbp-v1.0.0/emr/01
    • /frameworks/aws-fsbp-v1.0.0/emr/02
    • /frameworks/aws-fsbp-v1.0.0/es/02
    • /frameworks/aws-fsbp-v1.0.0/lambda/01
    • /frameworks/aws-fsbp-v1.0.0/neptune/03
    • /frameworks/aws-fsbp-v1.0.0/opensearch/02
    • /frameworks/aws-fsbp-v1.0.0/rds/01
    • /frameworks/aws-fsbp-v1.0.0/redshift/01
    • /frameworks/aws-fsbp-v1.0.0/s3/01
    • /frameworks/aws-fsbp-v1.0.0/s3/02
    • /frameworks/aws-fsbp-v1.0.0/s3/03
    • /frameworks/aws-fsbp-v1.0.0/s3/19
    • /frameworks/aws-fsbp-v1.0.0/sagemaker/01
    • /frameworks/aws-fsbp-v1.0.0/sagemaker/02
    • /frameworks/aws-fsbp-v1.0.0/ssm/04
  • Internal
    • ID: dec-c-532a8bba

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [AutoScaling.5] Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses11no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DMS.1] Database Migration Service replication instances should not be public11no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DocumentDB.3] Amazon DocumentDB manual cluster snapshots should not be publicno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.1] Amazon EBS snapshots should not be publicly restorable1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.9] Amazon EC2 instances should not have a public IPv4 address1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.10] Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.15] Amazon EC2 subnets should not automatically assign public IP addresses1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.25] Amazon EC2 launch templates should not assign public IPs to network interfacesno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.55] VPCs should be configured with an interface endpoint for ECR APIno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.56] VPCs should be configured with an interface endpoint for Docker Registryno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.57] VPCs should be configured with an interface endpoint for Systems Managerno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.58] VPCs should be configured with an interface endpoint for Systems Manager Incident Manager Contactsno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.60] VPCs should be configured with an interface endpoint for Systems Manager Incident Managerno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ECS.2] ECS services should not have public IP addresses assigned to them automatically1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EKS.1] EKS cluster endpoints should not be publicly accessible1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EMR.1] Amazon EMR cluster primary nodes should not have public IP addressesno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EMR.2] Amazon EMR block public access setting should be enabledno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ES.2] Elasticsearch domains should not be publicly accessible1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Lambda.1] Lambda function policies should prohibit public access1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Neptune.3] Neptune DB cluster snapshots should not be publicno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Opensearch.2] OpenSearch domains should not be publicly accessible1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.1] RDS snapshot should be private11no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Redshift.1] Amazon Redshift clusters should prohibit public accessno data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [S3.1] S3 general purpose buckets should have block public access settings enabled1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [S3.2] S3 general purpose buckets should block public read access2no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [S3.3] S3 general purpose buckets should block public write access2no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [S3.19] S3 access points should have block public access settings enabled1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [SageMaker.1] Amazon SageMaker AI notebook instances should not have direct internet access1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [SageMaker.2] SageMaker AI notebook instances should be launched in a custom VPC1no data
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [SSM.4] SSM documents should not be publicno data

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AC-21 Information Sharing (M)(H)18no data

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό AC-21(1) Information Sharing _ Automated Decision Supportno data
πŸ’Ό AC-21(2) Information Sharing _ Information Search and Retrievalno data

Policies (18)​

PolicyLogic CountFlagsCompliance
πŸ›‘οΈ AWS DMS Replication Instance is publicly accessible🟒1🟒 x6no data
πŸ›‘οΈ AWS EBS Snapshot is publicly accessible🟒1🟒 x6no data
πŸ›‘οΈ AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances🟒1🟒 x6no data
πŸ›‘οΈ AWS EC2 Instance with an auto-assigned public IP address is in a default subnet🟒1🟒 x6no data
πŸ›‘οΈ AWS ECS Service automatically assigns public IP addresses🟒1🟒 x6no data
πŸ›‘οΈ AWS EKS Cluster allows unrestricted public traffic🟒1🟒 x6no data
πŸ›‘οΈ AWS Lambda Function allows public access🟒1🟠 x1, 🟒 x5no data
πŸ›‘οΈ AWS Lambda Function is not in a VPC🟒1🟒 x6no data
πŸ›‘οΈ AWS OpenSearch Domain has a public endpoint🟒1🟒 x6no data
πŸ›‘οΈ AWS RDS Snapshot is publicly accessible🟒1🟒 x6no data
πŸ›‘οΈ AWS S3 Access Point is not configured to block public access🟒1🟒 x6no data
πŸ›‘οΈ AWS S3 Bucket ACL allows public read or write access🟒1🟒 x6no data
πŸ›‘οΈ AWS S3 Bucket is not configured to block public access🟒1🟒 x6no data
πŸ›‘οΈ AWS S3 Bucket Policy allows public read or write access🟒1🟒 x6no data
πŸ›‘οΈ AWS SageMaker Notebook Instance Direct Internet Access is not disabled🟒1🟒 x6no data
πŸ›‘οΈ AWS SageMaker Notebook Instance is not in a VPC🟒1🟒 x6no data
πŸ›‘οΈ AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service🟒1🟒 x6no data
πŸ›‘οΈ AWS VPC Subnet Map Public IP On Launch is enabled🟒1🟒 x6no data