last sync: 2024-Apr-19 17:43:58 UTC

Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks | Regulatory Compliance - System and Information Integrity

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks
Id: 0d87c70b-5012-48e9-994b-e70dd4b8def0
Version: 1.0.1
Category: Regulatory Compliance
Description: Microsoft implements this System and Information Integrity control
Additional metadata:
Name/Id: ACF1713 / Microsoft Managed Control 1713
Category: System and Information Integrity
Title: Software & Information Integrity | Integrity Checks
Ownership: Customer, Microsoft
Description: The information system performs an integrity check of software and information at deployment, continually; Monthly.
Requirements: Azure software updates are reviewed for any unauthorized changes before entering the production environment as part of the Security Development Lifecycle (SDL) and Change and Release Management processes. Azure components have a set of runners which leverage information captured by Geneva Monitoring to run automated tests that check the health of the components. Runners are configured to automatically generate alerts if any component health discrepancies are identified. Azure also utilizes Azure Security Monitoring (ASM) for integrity scanning to reduce the risk of software components and devices being tampered with in the Azure environment. ASM has components that continually observe, analyze and report on security events in the Azure environment. It complements the Azure security model by examining constraints that should always remain valid, which include configuration settings. Azure reassesses the integrity of software and information by monitoring events reported via Windows Resource Protection (WRP) and File Integrity Monitoring (FIM). Network devices are monitored via Config Policy Verifier (CPV) and Config Change Reporter (CCR) in near-real time. WRP, FIM, CPV, and CCR continuously scan the environment in near-real time for changes that would constitute a change in the integrity of software in the system.
Mode: Indexed
Type: Static
Preview: False
Deprecated: False
Effect: Fixed (audit)
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance: Not a Compliance control
Initiatives usage: none
History
Date/Time (UTC ymd) | Change type | Change detail
2022-04-01 20:29:14 | change | Patch (1.0.0 > 1.0.1)