last sync: 2024-Jun-13 18:14:14 UTC

Restrict use of open source software | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Restrict use of open source software
Id 08c11b48-8745-034d-1c1b-a144feec73b9
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1237 - Restrict use of open source software
Additional metadata Name/Id: CMA_C1237 / CMA_C1237
Category: Operational
Title: Restrict use of open source software
Ownership: Customer
Description: The customer is responsible for restricting the use of open source software.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 7 compliance controls are associated with this Policy definition 'Restrict use of open source software' (08c11b48-8745-034d-1c1b-a144feec73b9)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CM-10(1) FedRAMP_High_R4_CM-10(1) FedRAMP High CM-10 (1) Configuration Management Open Source Software Shared n/a The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions]. Supplemental Guidance: Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software. link 1
FedRAMP_Moderate_R4 CM-10(1) FedRAMP_Moderate_R4_CM-10(1) FedRAMP Moderate CM-10 (1) Configuration Management Open Source Software Shared n/a The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions]. Supplemental Guidance: Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software. link 1
hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07 Vulnerability Management 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets Shared n/a If the organization assigns assets to contractors, it ensures that the procedures for assigning and monitoring the use of the property are included in the contract; and, if assigned to volunteer workers, there is a written agreement specifying how and when the property will be inventoried and how it will be returned upon completion of the volunteer assignment. 3
NIST_SP_800-53_R4 CM-10(1) NIST_SP_800-53_R4_CM-10(1) NIST SP 800-53 Rev. 4 CM-10 (1) Configuration Management Open Source Software Shared n/a The organization establishes the following restrictions on the use of open source software: [Assignment: organization-defined restrictions]. Supplemental Guidance: Open source software refers to software that is available in source code form. Certain software rights normally reserved for copyright holders are routinely provided under software license agreements that permit individuals to study, change, and improve the software. From a security perspective, the major advantage of open source software is that it provides organizations with the ability to examine the source code. However, there are also various licensing issues associated with open source software including, for example, the constraints on derivative use of such software. link 1
NIST_SP_800-53_R5 CM-10(1) NIST_SP_800-53_R5_CM-10(1) NIST SP 800-53 Rev. 5 CM-10 (1) Configuration Management Open-source Software Shared n/a Establish the following restrictions on the use of open-source software: [Assignment: organization-defined restrictions]. link 1
op.exp.2 Security configuration op.exp.2 Security configuration 404 not found n/a n/a 112
op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found n/a n/a 123
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 08c11b48-8745-034d-1c1b-a144feec73b9
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC