| Source | Azure Portal | |||||||||||||||||||||||||||||||||
| Display name | Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks | |||||||||||||||||||||||||||||||||
| Id | 0d87c70b-5012-48e9-994b-e70dd4b8def0 | |||||||||||||||||||||||||||||||||
| Version | 1.0.1 Details on versioning |
|||||||||||||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
|||||||||||||||||||||||||||||||||
| Description | Microsoft implements this System and Information Integrity control | |||||||||||||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1713 / Microsoft Managed Control 1713 Category: System and Information Integrity Title: Software & Information Integrity | Integrity Checks Ownership: Customer, Microsoft Description: The information system performs an integrity check of software and information at deployment, continually; Monthly. Requirements: Azure software updates are reviewed for any unauthorized changes before entering the production environment as part of the Security Development Lifecycle (SDL) and Change and Release Management processes. Azure components have a set of runners which leverage information captured by Geneva Monitoring to run automated tests for checking the health of the components. Runners are configured to automatically generate alerts if any component health discrepancies are identified. Azure also utilizes Azure Security Monitoring (ASM) for integrity scanning to reduce the risk of software components and devices potentially being tampered within the Azure environment. ASM has components that observe, analyze and report on security events continually in Azure environment. It complements the Azure security model by examining constraints that should always remain valid, which includes configuration settings. Azure reassesses the integrity of software and information by monitoring of events reported via Windows Resource Protection (WRP) and File Integrity Monitoring (FIM). Network devices are monitored via Config Policy Verifier (CPV) and Config Change Reporter (CCR) in near-real time. WRP, FIM, CPV, and CCR are continuously scanning the environment for changes in near-real time that would constitute a change in the integrity of software in the system. |
|||||||||||||||||||||||||||||||||
| Mode | Indexed | |||||||||||||||||||||||||||||||||
| Type | Static | |||||||||||||||||||||||||||||||||
| Preview | False | |||||||||||||||||||||||||||||||||
| Deprecated | False | |||||||||||||||||||||||||||||||||
| Effect | Fixed audit |
|||||||||||||||||||||||||||||||||
| RBAC role(s) | none | |||||||||||||||||||||||||||||||||
| Rule aliases | none | |||||||||||||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
|||||||||||||||||||||||||||||||||
| Compliance |
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks' (0d87c70b-5012-48e9-994b-e70dd4b8def0)
| |||||||||||||||||||||||||||||||||
| Initiatives usage |
|
|||||||||||||||||||||||||||||||||
| History |
|
|||||||||||||||||||||||||||||||||
| JSON compare |
compare mode:
version left:
version right:
|
|||||||||||||||||||||||||||||||||
| JSON |
|