ID.AM-03: Representations of the organization’s authorized network communication and internal and external network data flows are maintained

Previous Version:

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Maintain baselines of communication and data flows within the organization's wired and wireless networks

Ex2: Maintain baselines of communication and data flows between the organization and third parties

Ex3: Maintain baselines of communication and data flows for the organization's infrastructure-as-a-service (IaaS) usage

Ex4: Maintain documentation of expected network ports, protocols, and services that are typically used among authorized systems