last sync: 2024-Apr-24 17:46:58 UTC

Microsoft Managed Control 1404 - Maintenance Tools | Regulatory Compliance - Maintenance

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1404 - Maintenance Tools
Id 13d8f903-0cd6-449f-a172-50f6579c182b
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Maintenance control
Additional metadata Name/Id: ACF1404 / Microsoft Managed Control 1404
Category: Maintenance
Title: Maintenance Tools
Ownership: Customer, Microsoft
Description: The organization approves, controls, and monitors information system maintenance tools.
Requirements: All maintenance work must be approved prior to work beginning. Azure implements maintenance tools control by creating an access level within the Datacenter Access Tool (DCAT). Each facility contains a restricted physical lock box or access-controlled room for the storage of specialized maintenance tools, such as fluke ether scopes, fluke fiber channel testers, Ethernet toners, etc. Access is controlled to the lock box or storage room using the DCAT tool to prohibit unauthorized access to the maintenance tools. This ensures that only personnel with approved access can access the tools. Third-party maintenance personnel may provide their own calibrated tools or assets where necessary. The same access controls in DCAT that limit access to the on-site tooling are also in place for all work areas where Critical Environment (CE) assets are present. Azure limits where any personnel can go and what doors they can open. To access the work site, they must follow CE procedural requirements. The Site Services team performs routine inventory checks to verify the status of all tools. Access to lock box or maintenance storage room is tracked in the access badge reader logs, which are available in the event of an investigation. On a quarterly basis, the datacenter management team and physical security teams perform audits of the DCAT access list to keep the access list of maintenance personnel current. Personnel terminations or transfers are reflected immediately through a manual update of the access list. In addition, for logical access, maintenance is performed through the utilization of the SI, CM, AC, AU, and IR control families mentioned in this System Security Plan (SSP) document. Logical maintenance is performed through configuration management, access management, monitoring, and incident response tooling and processes. The tooling that are leveraged are ASM, SCUBA, AAD, JIT, build systems, and incident response ticketing systems.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC