AzPolicyAdvertizer

last sync: 2023-Dec-04 18:38:36 UTC

Azure Policy definition

Storage account keys should not be expired

Source Azure Portal
Display name Storage account keys should not be expired
Id 044985bb-afe1-42cd-8a36-9d5d42424537
Version 3.0.0
Details on versioning
Category Storage
Microsoft Learn
Description Ensure the user storage account keys are not expired when key expiration policy is set, for improving security of account keys by taking action when the keys are expired.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Compliance
The following 2 compliance controls are associated with this Policy definition 'Storage account keys should not be expired' (044985bb-afe1-42cd-8a36-9d5d42424537)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 Gateway security 19.1.11 Using Gateways Customer n/a Physically locating all gateway components inside a secure server room will reduce the risk of unauthorised access to the device(s). The system owner of the higher security domain of connected security domains would be most familiar with the controls required to protect the more sensitive information and as such is best placed to manage any shared components of gateways. In some cases where multiple security domains from different agencies are connected to a gateway, it may be more appropriate to have a qualified third party manage the gateway on behalf of all connected agencies. Gateway components may also reside in a virtual environment ??? refer to Section 22.2 ??? Virtualisation and Section 22.3 ??? Virtual Local Area Networks link 11
NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 Gateway security 19.1.11 Using Gateways Customer Agencies MUST ensure that: all agency networks are protected from networks in other security domains by one or more gateways; all gateways contain mechanisms to filter or limit data flow at the network and content level to only the information necessary for business purposes; and all gateway components, discrete and virtual, are physically located within an appropriately secured server room. Physically locating all gateway components inside a secure server room will reduce the risk of unauthorised access to the device(s). The system owner of the higher security domain of connected security domains would be most familiar with the controls required to protect the more sensitive information and as such is best placed to manage any shared components of gateways. In some cases where multiple security domains from different agencies are connected to a gateway, it may be more appropriate to have a qualified third party manage the gateway on behalf of all connected agencies. Gateway components may also reside in a virtual environment – refer to Section 22.2 – Virtualisation and Section 22.3 – Virtual Local Area Networks link 9
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
New Zealand ISM Restricted d1a462af-7e6d-4901-98ac-61570b4ed22a Regulatory Compliance GA BuiltIn
New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-07-30 15:17:20 change Major (2.0.0 > 3.0.0)
2021-07-07 15:26:31 change Major (1.0.0 > 2.0.0)
2021-05-11 14:06:18 add 044985bb-afe1-42cd-8a36-9d5d42424537
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC