last sync: 2024-Jul-26 18:17:39 UTC

Microsoft Managed Control 1404 - Maintenance Tools | Regulatory Compliance - Maintenance

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Microsoft Managed Control 1404 - Maintenance Tools
Id: 13d8f903-0cd6-449f-a172-50f6579c182b
Version: 1.0.0
Category: Regulatory Compliance
Description: Microsoft implements this Maintenance control
Additional metadata - Name/Id: ACF1404 / Microsoft Managed Control 1404
Category: Maintenance
Title: Maintenance Tools
Ownership: Customer, Microsoft
Description: The organization approves, controls, and monitors information system maintenance tools.
Requirements: All maintenance work must be approved before it begins. Azure implements the maintenance tools control by creating an access level within the Datacenter Access Tool (DCAT). Each facility contains a restricted physical lock box or access-controlled room for the storage of specialized maintenance tools, such as Fluke ether scopes, Fluke fiber channel testers, Ethernet toners, etc. Access to the lock box or storage room is controlled through DCAT to prohibit unauthorized access to the maintenance tools, ensuring that only personnel with approved access can reach them. Third-party maintenance personnel may provide their own calibrated tools or assets where necessary. The same DCAT access controls that limit access to the on-site tooling are also in place for all work areas where Critical Environment (CE) assets are present. Azure limits where any personnel can go and which doors they can open; to access the work site, they must follow CE procedural requirements. The Site Services team performs routine inventory checks to verify the status of all tools. Access to the lock box or maintenance storage room is tracked in the access badge reader logs, which are available in the event of an investigation. On a quarterly basis, the datacenter management team and physical security teams audit the DCAT access list to keep the list of maintenance personnel current. Personnel terminations or transfers are reflected immediately through a manual update of the access list. In addition, for logical access, maintenance is performed through the SI, CM, AC, AU, and IR control families described in this System Security Plan (SSP) document. Logical maintenance is performed through configuration management, access management, monitoring, and incident response tooling and processes. The tools leveraged are ASM, SCUBA, AAD, JIT, build systems, and incident response ticketing systems.
Mode: Indexed
Type: Static
Preview: False
Deprecated: False
Effect: Fixed (audit)
RBAC role(s): none
Rule aliases: none
Rule resource types (IF, 2):
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance: Not a Compliance control
Initiatives usage: none
History: none