last sync: 2024-Oct-10 19:12:06 UTC

View and configure system diagnostic data | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name View and configure system diagnostic data
Id 0123edae-3567-a05a-9b05-b53ebe9d3e7e
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_0544 - View and configure system diagnostic data
Additional metadata Name/Id: CMA_0544 / CMA_0544
Category: Operational
Title: View and configure system diagnostic data
Ownership: Customer
Description: Microsoft recommends that your organization configure its operating system diagnostic data to ensure the system is reliable, performant, and up to date. This can also help your organization to plan, prepare, and manage the availability of adequate capacity and resources to deliver the required system performance. Your organization can more easily respond to gaps related to system performance by having a clear view and understanding of the diagnostic data. Your organization can configure Windows diagnostics data through an agent in Azure monitor. This agent collects monitoring events from the operating system of Azure resources for review and custom configuration. For more information on diagnostics extension overview, go to: https://docs.microsoft.com/azure/azure-monitor/agents/diagnostics-extension-overview. **Learn More** Azure Monitor: https://docs.microsoft.com/azure/azure-monitor/agents/agents-overview
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 33 compliance controls are associated with this Policy definition 'View and configure system diagnostic data' (0123edae-3567-a05a-9b05-b53ebe9d3e7e)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CM-6(1) FedRAMP_High_R4_CM-6(1) FedRAMP High CM-6 (1) Configuration Management Automated Central Management / Application / Verification Shared n/a The organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for [Assignment: organization-defined information system components]. Supplemental Guidance: Related controls: CA-7, CM-4. link 3
FedRAMP_High_R4 SI-7(1) FedRAMP_High_R4_SI-7(1) FedRAMP High SI-7 (1) System And Information Integrity Integrity Checks Shared n/a The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization- defined frequency]]. Supplemental Guidance: Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort. link 2
FedRAMP_Moderate_R4 CM-6(1) FedRAMP_Moderate_R4_CM-6(1) FedRAMP Moderate CM-6 (1) Configuration Management Automated Central Management / Application / Verification Shared n/a The organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for [Assignment: organization-defined information system components]. Supplemental Guidance: Related controls: CA-7, CM-4. link 3
FedRAMP_Moderate_R4 SI-7(1) FedRAMP_Moderate_R4_SI-7(1) FedRAMP Moderate SI-7 (1) System And Information Integrity Integrity Checks Shared n/a The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization- defined frequency]]. Supplemental Guidance: Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort. link 2
hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 02 Endpoint Protection 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code Shared n/a Rules for the migration of software from development to operational status are defined and documented by the organization hosting the affected application(s), including that development, test, and operational systems are separated (physically or virtually) to reduce the risks of unauthorized access or changes to the operational system. 11
hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06 Configuration Management 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance Shared n/a Automated compliance tools are used when possible. 6
hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 06 Configuration Management 0618.09b1System.1-09.b 09.01 Documented Operating Procedures Shared n/a Changes to information assets, including systems, networks, and network services, are controlled and archived. 16
hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 06 Configuration Management 0626.10h1System.3-10.h 10.04 Security of System Files Shared n/a Operational systems only hold approved programs or executable code. 3
hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 06 Configuration Management 0627.10h1System.45-10.h 10.04 Security of System Files Shared n/a The organization maintains information systems according to a current baseline configuration and configures system security parameters to prevent misuse. Vendor supplied software used in operational systems is maintained at a level supported by the supplier and uses the latest version of web browsers on operational systems to take advantage of the latest security functions in the application. 11
hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 06 Configuration Management 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes Shared n/a The organization employs automated mechanisms to (i) centrally manage, apply, and verify configuration settings; (ii) respond to unauthorized changes to network and system security-related configuration settings; and, (iii) enforce access restrictions and auditing of the enforcement actions. 20
hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 06 Configuration Management 0663.10h1System.7-10.h 10.04 Security of System Files Shared n/a The operating system has in place supporting technical controls such as antivirus, file integrity monitoring, host-based (personal) firewalls or port filtering tools, and logging as part of its baseline. 16
hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 06 Configuration Management 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes Shared n/a The integrity of all virtual machine images is ensured at all times by (i) logging and raising an alert for any changes made to virtual machine images, and (ii) making available to the business owner(s) and/or customer(s) through electronic methods (e.g., portals or alerts) the results of a change or move and the subsequent validation of the image's integrity. 12
hipaa 0708.10b2System.2-10.b hipaa-0708.10b2System.2-10.b 0708.10b2System.2-10.b 07 Vulnerability Management 0708.10b2System.2-10.b 10.02 Correct Processing in Applications Shared n/a System and information integrity requirements are developed, documented, disseminated, reviewed, and updated annually. 3
hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 07 Vulnerability Management 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management Shared n/a A hardened configuration standard exists for all system and network components. 9
hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 12 Audit Logging & Monitoring 1206.09aa2System.23-09.aa 09.10 Monitoring Shared n/a Auditing is always available while the system is active and tracks key events, success/failed data access, system security configuration changes, privileged or utility use, any alarms raised, activation and de-activation of protection systems (e.g., A/V and IDS), activation and deactivation of identification and authentication mechanisms, and creation and deletion of system-level objects. 6
hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 12 Audit Logging & Monitoring 1220.09ab3System.56-09.ab 09.10 Monitoring Shared n/a Monitoring includes inbound and outbound communications and file integrity monitoring. 4
hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 17 Risk Management 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems Shared n/a Specifications for the security control requirements state automated controls will be incorporated in the information system, supplemented by manual controls as needed, as evidenced throughout the SDLC. 5
ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Operations Security Installation of software on operational systems Shared n/a Procedures shall be implemented to control the installation of software on operational systems. link 18
ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Operations Security Restrictions on software installation Shared n/a Rules governing the installation of software by users shall be established and implemented. link 18
mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found n/a n/a 60
NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Configuration Management Establish and enforce security configuration settings for information technology products employed in organizational systems. Shared Microsoft and the customer share responsibilities for implementing this requirement. Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture or functionality of the system. Information technology products for which security-related configuration settings can be defined include mainframe computers, servers, workstations, input and output devices (e.g., scanners, copiers, and printers), network components (e.g., firewalls, routers, gateways, voice and data switches, wireless access points, network appliances, sensors), operating systems, middleware, and applications. Security parameters are those parameters impacting the security state of systems including the parameters required to satisfy other security requirements. Security parameters include: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, and remote connections. Organizations establish organization-wide configuration settings and subsequently derive specific configuration settings for systems. The established settings become part of the systems configuration baseline. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those system components to meet operational requirements. Common secure configurations can be developed by a variety of organizations including information technology product developers, manufacturers, vendors, consortia, academia, industry, federal agencies, and other organizations in the public and private sectors. [SP 800-70] and [SP 800-128] provide guidance on security configuration settings. link 25
NIST_SP_800-53_R4 CM-6(1) NIST_SP_800-53_R4_CM-6(1) NIST SP 800-53 Rev. 4 CM-6 (1) Configuration Management Automated Central Management / Application / Verification Shared n/a The organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for [Assignment: organization-defined information system components]. Supplemental Guidance: Related controls: CA-7, CM-4. link 3
NIST_SP_800-53_R4 SI-7(1) NIST_SP_800-53_R4_SI-7(1) NIST SP 800-53 Rev. 4 SI-7 (1) System And Information Integrity Integrity Checks Shared n/a The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization- defined frequency]]. Supplemental Guidance: Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort. link 2
NIST_SP_800-53_R5 CM-6(1) NIST_SP_800-53_R5_CM-6(1) NIST SP 800-53 Rev. 5 CM-6 (1) Configuration Management Automated Management, Application, and Verification Shared n/a Manage, apply, and verify configuration settings for [Assignment: organization-defined system components] using [Assignment: organization-defined automated mechanisms]. link 3
NIST_SP_800-53_R5 SI-7(1) NIST_SP_800-53_R5_SI-7(1) NIST SP 800-53 Rev. 5 SI-7 (1) System and Information Integrity Integrity Checks Shared n/a Perform an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (OneOrMore): at startup;at [Assignment: organization-defined transitional states or security-relevant events] ; [Assignment: organization-defined frequency] ] . link 2
org.4 Authorization process org.4 Authorization process 404 not found n/a n/a 126
PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Requirement 11: Test Security of Systems and Networks Regularly Network intrusions and unexpected file changes are detected and responded to Shared n/a A change-detection mechanism (for example, file integrity monitoring tools) is deployed as follows: • To alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files • To perform critical file comparisons at least once weekly. link 4
PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Requirement 11: Test Security of Systems and Networks Regularly Unauthorized changes on payment pages are detected and responded to Shared n/a A change- and tamper-detection mechanism is deployed as follows: • To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the HTTP headers and the contents of payment pages as received by the consumer browser. • The mechanism is configured to evaluate the received HTTP header and payment page. • The mechanism functions are performed as follows: – At least once every seven days OR – Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). link 3
PCI_DSS_v4.0 6.4.3 PCI_DSS_v4.0_6.4.3 PCI DSS v4.0 6.4.3 Requirement 06: Develop and Maintain Secure Systems and Software Public-facing web applications are protected against attacks Shared n/a All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows: • A method is implemented to confirm that each script is authorized. • A method is implemented to assure the integrity of each script. • An inventory of all scripts is maintained with written justification as to why each is necessary. link 2
SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Logical and Physical Access Controls Prevent or detect against unauthorized or malicious software Shared The customer is responsible for implementing this recommendation. Restricts Application and Software Installation — The ability to install applications and software is restricted to authorized individuals. • Detects Unauthorized Changes to Software and Configuration Parameters — Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. • Uses a Defined Change Control Process — A management-defined change control process is used for the implementation of software. • Uses Antivirus and Anti-Malware Software — Antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware. • Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software — Procedures are in place to scan information assets that have been transferred or returned to the entity’s custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network. 47
SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 System Operations Detection and monitoring of new vulnerabilities Shared The customer is responsible for implementing this recommendation. • Uses Defined Configuration Standards — Management has defined configuration standards. • Monitors Infrastructure and Software — The entity monitors infrastructure and software for noncompliance with the standards, which could threaten the achievement of the entity's objectives. • Implements Change-Detection Mechanisms — The IT system includes a changedetection mechanism (for example, file integrity monitoring tools) to alert personnel to unauthorized modifications of critical system files, configuration files, or content files. • Detects Unknown or Unauthorized Components — Procedures are in place to detect the introduction of unknown or unauthorized components. • Conducts Vulnerability Scans — The entity conducts vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after any significant change in the environment and takes action to remediate identified deficiencies on a timely basis 15
SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 6. Detect Anomalous Activity to Systems or Transaction Records Ensure the software integrity of the SWIFT-related components and act upon results. Shared n/a A software integrity check is performed at regular intervals on messaging interface, communication interface, and other SWIFT-related components and results are considered for appropriate resolving actions. link 6
SWIFT_CSCF_v2022 6.3 SWIFT_CSCF_v2022_6.3 SWIFT CSCF v2022 6.3 6. Detect Anomalous Activity to Systems or Transaction Records Ensure the integrity of the database records for the SWIFT messaging interface or the customer connector and act upon results. Shared n/a A database integrity check is performed at regular intervals on databases that record SWIFT transactions and results are considered for appropriate resolving actions. link 2
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 0123edae-3567-a05a-9b05-b53ebe9d3e7e
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC