DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed

Description

[csf.tools Note: Subcategories do not have detailed descriptions.]

Related Controls

NIST Special Publication 800-53 Revision 5

AC-4: Information Flow Enforcement

Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [Assignment: organization-defined information flow control policies].

CA-3: Information Exchange

Approve and manage the exchange of information between the system and other systems using [Assignment (one or more): interconnection security agreements, information exchange security agreements, memoranda of understanding or agreement, service level agreements, user agreements, nondisclosure agreements, [Assignment: organization-defined type of agreement] ]; Document, as part of each exchange agreement, the interface characteristics, security and…

CM-2: Baseline Configuration

Develop, document, and maintain under configuration control, a current baseline configuration of the system; and Review and update the baseline configuration of the system: [Assignment: organization-defined frequency]; When required due to [Assignment: organization-defined circumstances]; and When system components are installed or upgraded.

SI-4: System Monitoring

1. Strategically within the system to collect organization-determined essential information; and 1. At ad hoc locations within the system to track specific types of transactions of interest to the organization; Monitor the system to detect: Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [Assignment: organization-defined monitoring objectives]; and Unauthorized local,…

Cloud Controls Matrix v3.0.1

DSI-02: Data Inventory / Flows

Policies and procedures shall be established, and supporting business processes and technical measures implemented, to inventory, document, and maintain data flows for data that is resident (permanently or temporarily) within the service’s geographically distributed (physical and virtual) applications and infrastructure network and systems components and/or shared with other third parties to ascertain any regulatory, statutory,…

Critical Security Controls Version 8

3: Data Protection

Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.

NIST Special Publication 800-53 Revision 4

AC-4: Information Flow Enforcement

The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies].

CA-3: System Interconnections

The organization: Authorizes connections from the information system to other information systems through the use of Interconnection Security Agreements; Documents, for each interconnection, the interface characteristics, security requirements, and the nature of the information communicated; and Reviews and updates Interconnection Security Agreements [Assignment: organization-defined frequency].

CM-2: Baseline Configuration

The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system.

SI-4: Information System Monitoring

The organization: Monitors the information system to detect: Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and Unauthorized local, network, and remote connections; Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods]; Deploys monitoring devices: Strategically within the information system to collect organization-determined essential information; and…

Critical Security Controls Version 7.1

15: Wireless Access Control

The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.