800-53|PM-7

Title

ENTERPRISE ARCHITECTURE

Description

The organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.

Supplemental

The enterprise architecture developed by the organization is aligned with the Federal Enterprise Architecture. The integration of information security requirements and associated security controls into the organization's enterprise architecture helps to ensure that security considerations are addressed by organizations early in the system development life cycle and are directly and explicitly related to the organization's mission/business processes. This process of security requirements integration also embeds into the enterprise architecture, an integral information security architecture consistent with organizational risk management and information security strategies. For PM-7, the information security architecture is developed at a system-of-systems level (organization-wide), representing all of the organizational information systems. For PL-8, the information security architecture is developed at a level representing an individual information system but at the same time, is consistent with the information security architecture defined for the organization. Security requirements and security control integration are most effectively accomplished through the application of the Risk Management Framework and supporting security standards and guidelines. The Federal Segment Architecture Methodology provides guidance on integrating information security requirements and security controls into enterprise architectures.

Reference Item Details

Related: PL-2,PL-8,PM-11,RA-2,SA-3

Category: PROGRAM MANAGEMENT

Family: PROGRAM MANAGEMENT

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.1 Ensure Trusted Locations Are Definedmicrosoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
2.4 Ensure Docker is allowed to make changes to iptables - daemon.jsonUnixCIS Docker v1.6.0 L1 Docker Linux
2.4 Ensure Docker is allowed to make changes to iptables - dockerdUnixCIS Docker v1.6.0 L1 Docker Linux
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 11 v1.0.0 L1
2.4.6 Apply Local-in PoliciesFortiGateCIS Fortigate 7.0.x Level 1 v1.2.0
2.4.7 Ensure default Admin ports are changedFortiGateCIS Fortigate 7.0.x Level 1 v1.2.0
3.2.1 Ensure source routed packets are not accepted - net.ipv4.conf.all.accept_source_routeUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.1 Ensure source routed packets are not accepted - net.ipv4.conf.default.accept_source_routeUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.all.accept_source_routeUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.default.accept_source_routeUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.all.accept_redirectsUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.default.accept_redirectsUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv6.conf.all.accept_redirectsUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.2 Ensure ICMP redirects are not accepted - net.ipv6.conf.default.accept_redirectsUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.all.secure_redirectsUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.default.secure_redirectsUnixCIS Google Container-Optimized OS L2 Server v1.1.0
3.10 Ensure Private Endpoints are used to access Storage Accountsmicrosoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
18.5.11.1 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0