last sync: 2023-Jun-01 17:45:04 UTC

Azure Policy definition

Document and implement wireless access guidelines

Name: Document and implement wireless access guidelines
Id: 04b3e7f6-4841-888d-4799-cda19a0084f6
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_0190 - Document and implement wireless access guidelines
Mode: All
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect: Default Manual; Allowed Manual, Disabled
RBAC Role(s): none
Rule Aliases: none
Rule ResourceTypes: IF (1) Microsoft.Resources/subscriptions

Note: the only condition in the rule is the resource type (the subscription itself) and the effect is Manual, so Azure Policy does not evaluate anything about the subscription's configuration. The compliance state of this definition is set by attestations (Microsoft.PolicyInsights/attestations) recorded against the assignment, and those attestations, with their evidence and expiry, are what an auditor will look at.
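The following Python is added here as an example of what the Rule block above implies; it is not code from AzAdvertizer or Microsoft. It rebuilds the definition from the metadata on this page (the page does not reproduce the JSON body, so only fields shown in the table are filled in), checks the invariants that make it attestation-driven rather than evaluated, and builds the Microsoft.PolicyInsights/attestations body that sets its compliance state, with the checks an auditor would apply to that body. The assignment id, the policyDefinitionReferenceId (the definition name is used as a placeholder), the owner, the evidence URI and the 90-day validity period are assumptions.

```python
"""Rebuild the manual Azure Policy definition described on this page and the
attestation that sets its compliance state.

Added example, not code from AzAdvertizer or Microsoft.  The definition body is
reconstructed from the page's metadata; the assignment id, reference id, owner,
evidence URI and validity period are placeholders/assumptions.
"""
import json
from datetime import datetime, timedelta, timezone

DEFINITION_NAME = "04b3e7f6-4841-888d-4799-cda19a0084f6"      # Id from the page
COMPLIANCE_STATES = ("Compliant", "NonCompliant", "Unknown")  # states the attestation API accepts
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"                               # ISO 8601, UTC


def policy_definition() -> dict:
    """The definition as reconstructed from the metadata table; only fields the
    page shows are filled in (parameter display metadata is omitted)."""
    return {
        "name": DEFINITION_NAME,
        "type": "Microsoft.Authorization/policyDefinitions",
        "id": f"/providers/Microsoft.Authorization/policyDefinitions/{DEFINITION_NAME}",
        "properties": {
            "displayName": "Document and implement wireless access guidelines",
            "policyType": "BuiltIn",
            "mode": "All",
            "description": "CMA_0190 - Document and implement wireless access guidelines",
            "metadata": {"version": "1.1.0", "category": "Regulatory Compliance"},
            "parameters": {
                "effect": {
                    "type": "String",
                    "allowedValues": ["Manual", "Disabled"],  # Allowed effects from the page
                    "defaultValue": "Manual",                 # Default effect from the page
                }
            },
            "policyRule": {
                # IF (1) Microsoft.Resources/subscriptions: the resource type is the only condition
                "if": {"field": "type", "equals": "Microsoft.Resources/subscriptions"},
                "then": {"effect": "[parameters('effect')]"},
            },
        },
    }


def manual_policy_problems(defn: dict) -> list:
    """Invariants that make a definition attestation-driven rather than evaluated.
    Returns the violated ones; an empty list means it matches the shape above."""
    props = defn.get("properties", {})
    effect = props.get("parameters", {}).get("effect", {})
    rule = props.get("policyRule", {})
    problems = []
    extra = set(effect.get("allowedValues", [])) - {"Manual", "Disabled"}
    if extra:
        problems.append(f"effect allows non-manual values: {sorted(extra)}")
    if effect.get("defaultValue") != "Manual":
        problems.append("default effect is not Manual")
    if rule.get("if") != {"field": "type", "equals": "Microsoft.Resources/subscriptions"}:
        problems.append("rule does not target Microsoft.Resources/subscriptions")
    if rule.get("then", {}).get("effect") != "[parameters('effect')]":
        problems.append("rule effect is not bound to the effect parameter")
    if props.get("mode") != "All":
        problems.append("mode is not All")
    return problems


def build_attestation(assignment_id, reference_id, state, owner, evidence,
                      valid_days=90, now=None, comments=""):
    """Body for PUT {scope}/providers/Microsoft.PolicyInsights/attestations/{name}.
    valid_days=90 is this example's choice, not an Azure default."""
    now = now or datetime.now(timezone.utc)
    return {
        "properties": {
            "policyAssignmentId": assignment_id,
            "policyDefinitionReferenceId": reference_id,  # identifies the policy within an initiative assignment
            "complianceState": state,
            "owner": owner,
            "comments": comments,
            "expiresOn": (now + timedelta(days=valid_days)).strftime(TIME_FMT),
            "evidence": list(evidence),
        }
    }


def attestation_problems(body: dict, now=None) -> list:
    """Checks an auditor would apply before accepting the attestation as evidence."""
    now = now or datetime.now(timezone.utc)
    p = body.get("properties", {})
    problems = []
    if p.get("complianceState") not in COMPLIANCE_STATES:
        problems.append("complianceState must be Compliant, NonCompliant or Unknown")
    if "/providers/Microsoft.Authorization/policyAssignments/" not in p.get("policyAssignmentId", ""):
        problems.append("policyAssignmentId is not a policy assignment resource id")
    try:
        expires = datetime.strptime(p.get("expiresOn", ""), TIME_FMT).replace(tzinfo=timezone.utc)
        if expires <= now:
            problems.append("attestation has already expired")
    except ValueError:
        problems.append("expiresOn is not an ISO 8601 UTC timestamp")
    if p.get("complianceState") == "Compliant":
        if not p.get("evidence"):
            problems.append("a Compliant attestation carries no evidence")
        if not p.get("owner"):
            problems.append("no owner recorded for the attestation")
    for item in p.get("evidence", []):
        if not item.get("description") or not item.get("sourceUri"):
            problems.append("evidence entries need a description and a sourceUri")
    return problems


if __name__ == "__main__":
    print(manual_policy_problems(policy_definition()))
    # Placeholder ids: an initiative assignment at subscription scope (constructed, not real).
    body = build_attestation(
        assignment_id="/subscriptions/00000000-0000-0000-0000-000000000000"
                      "/providers/Microsoft.Authorization/policyAssignments/fedramp-high",
        reference_id=DEFINITION_NAME,
        state="Compliant",
        owner="wireless-security@example.com",
        evidence=[{"description": "Wireless access standard v3, approved 2023-05",
                   "sourceUri": "https://example.com/wireless-standard"}],
        comments="802.1X/EAP-TLS required on corporate SSIDs; guest SSID isolated from the CDE.",
    )
    print(attestation_problems(body))
    print(json.dumps(body, indent=2))
```

The same body is what `az policy attestation create` or a direct REST PUT sends; the point of the checks is that a Manual policy only reports what you attest, so an attestation without an owner, evidence or a sensible expiry silently turns the control into a green tick with nothing behind it.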
Compliance: The following 24 compliance controls are associated with this Policy definition 'Document and implement wireless access guidelines' (04b3e7f6-4841-888d-4799-cda19a0084f6)

Control Domain | Control Name | MetadataId | Control | Category | Title | Owner | Requirements | Description | Policy#
FedRAMP_High_R4 | AC-18 | FedRAMP_High_R4_AC-18 | FedRAMP High AC-18 | Access Control | Wireless Access | Shared | n/a | The organization: a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and b. Authorizes wireless access to the information system prior to allowing such connections. Supplemental Guidance: Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. Related controls: AC-2, AC-3, AC-17, AC-19, CA-3, CA-7, CM-8, IA-2, IA-3, IA-8, PL-4, SI-4. References: NIST Special Publications 800-48, 800-94, 800-97. | 2
FedRAMP_High_R4 | AC-18(1) | FedRAMP_High_R4_AC-18(1) | FedRAMP High AC-18 (1) | Access Control | Authentication And Encryption | Shared | n/a | The information system protects wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption. Supplemental Guidance: Related controls: SC-8, SC-13. | 3
FedRAMP_Moderate_R4 | AC-18 | FedRAMP_Moderate_R4_AC-18 | FedRAMP Moderate AC-18 | Access Control | Wireless Access | Shared | n/a | The organization: a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and b. Authorizes wireless access to the information system prior to allowing such connections. Supplemental Guidance: Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. Related controls: AC-2, AC-3, AC-17, AC-19, CA-3, CA-7, CM-8, IA-2, IA-3, IA-8, PL-4, SI-4. References: NIST Special Publications 800-48, 800-94, 800-97. | 2
FedRAMP_Moderate_R4 | AC-18(1) | FedRAMP_Moderate_R4_AC-18(1) | FedRAMP Moderate AC-18 (1) | Access Control | Authentication And Encryption | Shared | n/a | The information system protects wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption. Supplemental Guidance: Related controls: SC-8, SC-13. | 3
hipaa | 0301.09o1Organizational.123-09.o | hipaa-0301.09o1Organizational.123-09.o | 0301.09o1Organizational.123-09.o | 03 Portable Media Security | 0301.09o1Organizational.123-09.o 09.07 Media Handling | Shared | n/a | The organization, based on the data classification level, registers media (including laptops) prior to use, places reasonable restrictions on how such media are used, and provides an appropriate level of physical and logical protection (including encryption) for media containing covered information until properly destroyed or sanitized. | 14
hipaa | 0504.09m2Organizational.5-09.m | hipaa-0504.09m2Organizational.5-09.m | 0504.09m2Organizational.5-09.m | 05 Wireless Security | 0504.09m2Organizational.5-09.m 09.06 Network Security Management | Shared | n/a | Firewalls are configured to deny or control any traffic from a wireless environment into the covered data environment. | 4
hipaa | 0858.09m1Organizational.4-09.m | hipaa-0858.09m1Organizational.4-09.m | 0858.09m1Organizational.4-09.m | 08 Network Protection | 0858.09m1Organizational.4-09.m 09.06 Network Security Management | Shared | n/a | The organization monitors for all authorized and unauthorized wireless access to the information system and prohibits installation of wireless access points (WAPs) unless explicitly authorized in writing by the CIO or his/her designated representative. | 7
hipaa | 0861.09m2Organizational.67-09.m | hipaa-0861.09m2Organizational.67-09.m | 0861.09m2Organizational.67-09.m | 08 Network Protection | 0861.09m2Organizational.67-09.m 09.06 Network Security Management | Shared | n/a | To identify and authenticate devices on local and/or wide area networks, including wireless networks, the information system uses either a (i) shared known information solution, or (ii) an organizational authentication solution, the exact selection and strength of which is dependent on the security categorization of the information system. | 7
ISO27001-2013 | A.13.1.1 | ISO27001-2013_A.13.1.1 | ISO 27001:2013 A.13.1.1 | Communications Security | Network controls | Shared | n/a | Networks shall be managed and controlled to protect information in systems and applications. | 40
ISO27001-2013 | A.13.2.1 | ISO27001-2013_A.13.2.1 | ISO 27001:2013 A.13.2.1 | Communications Security | Information transfer policies and procedures | Shared | n/a | Formal transfer policies, procedures and controls shall be in place to protect the transfer of information through the use of all types of communication facilities. | 32
ISO27001-2013 | A.6.2.1 | ISO27001-2013_A.6.2.1 | ISO 27001:2013 A.6.2.1 | Organization of Information Security | Mobile device policy | Shared | n/a | A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices. | 13
NIST_SP_800-171_R2 | 3.1.16 | NIST_SP_800-171_R2_3.1.16 | NIST SP 800-171 R2 3.1.16 | Access Control | Authorize wireless access prior to allowing such connections | Shared | Microsoft is responsible for implementing this requirement. | Establishing usage restrictions and configuration/connection requirements for wireless access to the system provides criteria for organizations to support wireless access authorization decisions. Such restrictions and requirements reduce the susceptibility to unauthorized access to the system through wireless technologies. Wireless networks use authentication protocols which provide credential protection and mutual authentication. [SP 800-97] provides guidance on secure wireless networks. | 2
NIST_SP_800-171_R2 | 3.1.17 | NIST_SP_800-171_R2_3.1.17 | NIST SP 800-171 R2 3.1.17 | Access Control | Protect wireless access using authentication and encryption | Shared | Microsoft is responsible for implementing this requirement. | Organizations authenticate individuals and devices to help protect wireless access to the system. Special attention is given to the wide variety of devices that are part of the Internet of Things with potential wireless access to organizational systems. See [NIST CRYPTO]. | 3
NIST_SP_800-53_R4 | AC-18 | NIST_SP_800-53_R4_AC-18 | NIST SP 800-53 Rev. 4 AC-18 | Access Control | Wireless Access | Shared | n/a | The organization: a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and b. Authorizes wireless access to the information system prior to allowing such connections. Supplemental Guidance: Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. Related controls: AC-2, AC-3, AC-17, AC-19, CA-3, CA-7, CM-8, IA-2, IA-3, IA-8, PL-4, SI-4. References: NIST Special Publications 800-48, 800-94, 800-97. | 2
NIST_SP_800-53_R4 | AC-18(1) | NIST_SP_800-53_R4_AC-18(1) | NIST SP 800-53 Rev. 4 AC-18 (1) | Access Control | Authentication And Encryption | Shared | n/a | The information system protects wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption. Supplemental Guidance: Related controls: SC-8, SC-13. | 3
NIST_SP_800-53_R5 | AC-18 | NIST_SP_800-53_R5_AC-18 | NIST SP 800-53 Rev. 5 AC-18 | Access Control | Wireless Access | Shared | n/a | a. Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and b. Authorize each type of wireless access to the system prior to allowing such connections. | 2
NIST_SP_800-53_R5 | AC-18(1) | NIST_SP_800-53_R5_AC-18(1) | NIST SP 800-53 Rev. 5 AC-18 (1) | Access Control | Authentication and Encryption | Shared | n/a | Protect wireless access to the system using authentication of [Selection (OneOrMore): users;devices] and encryption. | 3
PCI_DSS_v4.0 | 1.3.3 | PCI_DSS_v4.0_1.3.3 | PCI DSS v4.0 1.3.3 | Requirement 01: Install and Maintain Network Security Controls | Network access to and from the cardholder data environment is restricted | Shared | n/a | NSCs are installed between all wireless networks and the CDE, regardless of whether the wireless network is a CDE, such that: • All wireless traffic from wireless networks into the CDE is denied by default. • Only wireless traffic with an authorized business purpose is allowed into the CDE. | 2
PCI_DSS_v4.0 | 11.2.2 | PCI_DSS_v4.0_11.2.2 | PCI DSS v4.0 11.2.2 | Requirement 11: Test Security of Systems and Networks Regularly | Wireless access points are identified and monitored, and unauthorized wireless access points are addressed | Shared | n/a | An inventory of authorized wireless access points is maintained, including a documented business justification. | 2
PCI_DSS_v4.0 | 2.3.1 | PCI_DSS_v4.0_2.3.1 | PCI DSS v4.0 2.3.1 | Requirement 02: Apply Secure Configurations to All System Components | Wireless environments are configured and managed securely | Shared | n/a | For wireless environments connected to the CDE or transmitting account data, all wireless vendor defaults are changed at installation or are confirmed to be secure, including but not limited to: • Default wireless encryption keys. • Passwords or wireless access points. • SNMP defaults. • Any other security-related wireless vendor defaults. | 3
PCI_DSS_v4.0 | 2.3.2 | PCI_DSS_v4.0_2.3.2 | PCI DSS v4.0 2.3.2 | Requirement 02: Apply Secure Configurations to All System Components | Wireless environments are configured and managed securely | Shared | n/a | For wireless environments connected to the CDE or transmitting account data, wireless encryption keys are changed as follows: • Whenever personnel with knowledge of the key leave the company or the role for which the knowledge was necessary. • Whenever a key is suspected of or known to be compromised. | 3
PCI_DSS_v4.0 | 4.2.1.2 | PCI_DSS_v4.0_4.2.1.2 | PCI DSS v4.0 4.2.1.2 | Requirement 04: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks | PAN is protected with strong cryptography during transmission | Shared | n/a | Wireless networks transmitting PAN or connected to the CDE use industry best practices to implement strong cryptography for authentication and transmission. | 3
SWIFT_CSCF_v2022 | 1.4 | SWIFT_CSCF_v2022_1.4 | SWIFT CSCF v2022 1.4 | 1. Restrict Internet Access & Protect Critical Systems from General IT Environment | Control/Protect Internet access from operator PCs and systems within the secure zone. | Shared | n/a | All general-purpose and dedicated operator PCs, as well as systems within the secure zone, have controlled direct internet access in line with business. | 11
SWIFT_CSCF_v2022 | 2.6 | SWIFT_CSCF_v2022_2.6 | SWIFT CSCF v2022 2.6 | 2. Reduce Attack Surface and Vulnerabilities | Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications | Shared | n/a | The confidentiality and integrity of interactive operator sessions that connect to service provider SWIFT-related applications or into the secure zone are safeguarded. | 17
History

Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 | add | 04b3e7f6-4841-888d-4799-cda19a0084f6
Initiatives

Initiative DisplayName | Initiative Id | Initiative Category | State | Type
FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn
FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
ISO 27001:2013 | 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 | Regulatory Compliance | GA | BuiltIn
NIST SP 800-171 Rev. 2 | 03055927-78bd-4236-86c0-f36125a10dc9 | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn
PCI DSS v4 | c676748e-3af9-4e22-bc28-50feed564afb | Regulatory Compliance | GA | BuiltIn
SWIFT CSP-CSCF v2022 | 7bc7cd6c-4114-ff31-3cac-59be3157596d | Regulatory Compliance | GA | BuiltIn