last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1420 - Maintenance Personnel | Regulatory Compliance - Maintenance

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1420 - Maintenance Personnel
Id 05ae08cc-a282-413b-90c7-21a2c60b8404
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Maintenance control
Additional metadata Name/Id: ACF1420 / Microsoft Managed Control 1420
Category: Maintenance
Title: Maintenance Personnel - Process
Ownership: Customer, Microsoft
Description: The organization: Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel;
Requirements: Maintenance personnel authorization at Azure datacenters is managed through the DCAT system. All FTEs and vendors’ physical access to the datacenters is managed through DCAT. Logical access (any nonlocal maintenance) is managed through the CM process and access is documented, provisioned, and approved. All maintenance work requires an associated work ticket. In order to physically access the datacenter to perform maintenance, the person must be approved by the Datacenter Management (DCM) team via a DCAT request. When arriving at the datacenter, a person’s identity is matched against their approved DCAT request. The DCAT tool manages the areas that maintenance personnel can access. The principle of least privilege is used in granting access. Azure datacenters have resident maintenance teams called Site Services and Critical Environment (CE) teams. On a quarterly basis, the datacenter management team and physical security teams perform audits of the DCAT access list to keep the access list of maintenance personnel current. Personnel terminations or transfers are reflected immediately through a manual update of the access list.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a