last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1430 - Media Labeling | Regulatory Compliance - Media Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1430 - Media Labeling
Id 0f559588-5e53-4b14-a7c4-85d28ebc2234
Version 1.0.1
Category Regulatory Compliance
Description Microsoft implements this Media Protection control
Additional metadata Name/Id: ACF1430 / Microsoft Managed Control 1430
Category: Media Protection
Title: Media Labeling - Exemptions
Ownership: Microsoft
Description: The organization: Exempts no removable media types from marking.
Requirements: Asset owners are required to assign their assets an asset classification and no assets are exempt from this requirement. In the Azure datacenter environment, assets refer to servers, network devices, and magnetic tapes. Non-digital media is not used in the datacenters.

Azure implements maintenance tools control by creating an access level within the Datacenter Access Tool (DCAT). Each facility contains a restricted physical lock box or access-controlled room for the storage of specialized maintenance tools, such as Fluke ether scopes, Fluke fiber channel testers, Ethernet toners, and USBs. Access to the lock box or storage room is controlled using the DCAT tool to prohibit unauthorized access to the maintenance tools. This ensures that only personnel with approved access can access the tools. Third-party maintenance personnel may provide their own calibrated tools or assets where necessary. The same access controls in DCAT that limit access to the on-site tooling are also in place for all work areas where Critical Environment (CE) assets are present. Azure limits where any personnel can go and what doors they can open. To access the work site, they must follow CE procedural requirements.

The Site Services team performs routine inventory checks to verify the status of all tools. Access to the lock box or maintenance storage room is tracked in the access badge reader logs, which are available in the event of an investigation. On a quarterly basis, the datacenter management team and physical security teams perform audits of the DCAT access list to keep the access list of maintenance personnel current. Personnel terminations or transfers are reflected immediately through a manual update of the access list.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) | Change type | Change detail
2022-04-01 20:29:14 | change | Patch (1.0.0 > 1.0.1)