last sync: 2024-Jul-26 18:17:39 UTC

Produce, control and distribute symmetric cryptographic keys | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Produce, control and distribute symmetric cryptographic keys
Id: 16c54e01-9e65-7524-7c33-beda48a75779
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_C1645 - Produce, control and distribute symmetric cryptographic keys

Additional metadata
Name/Id: CMA_C1645 / CMA_C1645
Category: Operational
Title: Produce, control and distribute symmetric cryptographic keys
Ownership: Customer
Description: The customer is responsible for producing, controlling, and distributing symmetric cryptographic keys (if they are used within customer-deployed resources) using compliant key management technology and processes.
Requirements: The customer is responsible for implementing this recommendation.

Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default Manual; Allowed Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types (IF, 1): Microsoft.Resources/subscriptions
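Because the only allowed effects are Manual and Disabled, Azure Policy never derives this policy's compliance from the state of the subscription; the result stays at its default until someone records an attestation at the assignment's scope. The script below is an added example, not code from the page or from Microsoft: it looks up the reference ID this definition has inside the NIST SP 800-53 Rev. 5 initiative listed on the page, finds that initiative's assignment at the current subscription, and writes a Compliant attestation with evidence. It assumes the Azure CLI (az) is installed and logged in with a role allowed to write Microsoft.PolicyInsights/attestations (Resource Policy Contributor suffices), that the initiative is actually assigned, and that the evidence URL and owner object ID are supplied by the caller; the attestation name and comment text are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the page or from Microsoft: attest compliance for
# this Manual-effect policy where it is assigned via the NIST SP 800-53 Rev. 5
# initiative. Requires a logged-in Azure CLI. GUIDs marked "page" come from
# the policy page; everything else is an assumption made for the example.
set -eu

POLICY_GUID="16c54e01-9e65-7524-7c33-beda48a75779"     # page: policy definition Id
INITIATIVE_GUID="179d1daa-458f-4e47-8086-2a68d0d6c38f" # page: NIST SP 800-53 Rev. 5 initiative

# Built-in definitions have fixed resource ID paths; no Azure call needed.
builtin_definition_id() { printf '/providers/Microsoft.Authorization/policyDefinitions/%s' "$1"; }
builtin_initiative_id() { printf '/providers/Microsoft.Authorization/policySetDefinitions/%s' "$1"; }

# An attestation against an initiative assignment must name the reference ID
# the initiative uses for this definition; look it up instead of hard-coding.
reference_id_in_initiative() {
  def_id="$(builtin_definition_id "$POLICY_GUID")"
  az policy set-definition show --name "$INITIATIVE_GUID" \
    --query "policyDefinitions[?policyDefinitionId=='${def_id}'].policyDefinitionReferenceId | [0]" \
    -o tsv
}

# First assignment of the initiative visible from the current subscription.
initiative_assignment_id() {
  set_id="$(builtin_initiative_id "$INITIATIVE_GUID")"
  az policy assignment list --disable-scope-strict-match \
    --query "[?policyDefinitionId=='${set_id}'].id | [0]" -o tsv
}

# Create the attestation at subscription scope: the policy's only IF resource
# type is Microsoft.Resources/subscriptions, so no --resource-group/--resource.
#   $1: URL of the key-management procedure or evidence (hypothetical)
#   $2: object ID of the accountable owner (hypothetical)
attest_symmetric_key_management() {
  evidence_uri="$1"; owner="$2"
  assignment="$(initiative_assignment_id)"
  ref_id="$(reference_id_in_initiative)"
  if [ -z "$assignment" ] || [ -z "$ref_id" ]; then
    echo "initiative not assigned here, or definition not found in it" >&2
    return 1
  fi
  az policy attestation create \
    --attestation-name "cma-c1645-symmetric-key-management" \
    --policy-assignment "$assignment" \
    --definition-reference-id "$ref_id" \
    --compliance-state Compliant \
    --assessment-date "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    --owner "$owner" \
    --comments "Symmetric DEKs generated and wrapped in Key Vault; KEK held separately from DEK" \
    --evidence description="Symmetric key management procedure" source-uri="$evidence_uri"
}

# Usage: ./attest.sh attest https://wiki.example.invalid/key-management <owner-object-id>
if [ "${1:-}" = "attest" ]; then
  attest_symmetric_key_management "${2:?evidence URI}" "${3:?owner object id}"
fi
```

The same script serves the other initiatives on the page by swapping INITIATIVE_GUID; the reference ID differs per initiative, which is why it is queried rather than copied. An attestation is only as good as its evidence: point source-uri at the documented key-management procedure (generation in an HSM-backed vault, KEK/DEK separation, rotation and destruction records) so an auditor can check it, and note that the CLI rejects an attestation whose definition reference does not belong to the named assignment.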
Compliance
The following 12 compliance controls are associated with this Policy definition 'Produce, control and distribute symmetric cryptographic keys' (16c54e01-9e65-7524-7c33-beda48a75779). Each entry lists the framework control, its domain and title, owner, requirements, and the number of policies mapped to that control (Policy#), followed by the control text.

FedRAMP_High_R4 SC-12(2) (FedRAMP High; System And Communications Protection; Symmetric Keys; owner: Shared; requirements: n/a; Policy#: 1)
  The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST FIPS-compliant; NSA-approved] key management technology and processes.

FedRAMP_Moderate_R4 SC-12(2) (FedRAMP Moderate; System And Communications Protection; Symmetric Keys; owner: Shared; requirements: n/a; Policy#: 1)
  The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST FIPS-compliant; NSA-approved] key management technology and processes.

hipaa 0904.10f2Organizational.1-10.f (09 Transmission Protection; 10.03 Cryptographic Controls; owner: Shared; requirements: n/a; Policy#: 10)
  Key management is implemented based on specific roles and responsibilities, and in consideration of national and international regulations, restrictions, and issues.

hipaa 1005.01d1System.1011-01.d (10 Password Management; 01.02 Authorized Access to Information Systems; owner: Shared; requirements: n/a; Policy#: 6)
  The organization transmits passwords only when cryptographically-protected and stores passwords using an approved hash algorithm.

NIST_SP_800-53_R4 SC-12(2) (NIST SP 800-53 Rev. 4; System And Communications Protection; Symmetric Keys; owner: Shared; requirements: n/a; Policy#: 1)
  The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST FIPS-compliant; NSA-approved] key management technology and processes.

NIST_SP_800-53_R5 SC-12(2) (NIST SP 800-53 Rev. 5; System and Communications Protection; Symmetric Keys; owner: Shared; requirements: n/a; Policy#: 1)
  Produce, control, and distribute symmetric cryptographic keys using [Selection: NIST FIPS-validated; NSA-approved] key management technology and processes.

op.exp.10 Cryptographic key protection (Spain ENS; owner: n/a; requirements: n/a; Policy#: 53)
  Control text not available on the page (the source link returned 404).

PCI_DSS_v4.0 3.6.1.2 (PCI DSS v4.0; Requirement 03: Protect Stored Account Data; Cryptographic keys used to protect stored account data are secured; owner: Shared; requirements: n/a; Policy#: 8)
  Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the following forms at all times:
  • Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key.
  • Within a secure cryptographic device (SCD), such as a hardware security module (HSM) or PTS-approved point-of-interaction device.
  • As at least two full-length key components or key shares, in accordance with an industry-accepted method.

PCI_DSS_v4.0 3.7.2 (PCI DSS v4.0; Requirement 03: Protect Stored Account Data; Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented; owner: Shared; requirements: n/a; Policy#: 8)
  Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data.

PCI_DSS_v4.0 3.7.3 (PCI DSS v4.0; Requirement 03: Protect Stored Account Data; Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented; owner: Shared; requirements: n/a; Policy#: 9)
  Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data.

PCI_DSS_v4.0 4.2.1 (PCI DSS v4.0; Requirement 04: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks; PAN is protected with strong cryptography during transmission; owner: Shared; requirements: n/a; Policy#: 12)
  Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks:
  • Only trusted keys and certificates are accepted.
  • Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. This bullet is a best practice until its effective date; refer to applicability notes below for details.
  • The protocol in use supports only secure versions or configurations and does not support fallback to, or use of, insecure versions, algorithms, key sizes, or implementations.
  • The encryption strength is appropriate for the encryption methodology in use.

SWIFT_CSCF_v2022 2.1 (SWIFT CSCF v2022; 2. Reduce Attack Surface and Vulnerabilities; Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components; owner: Shared; requirements: n/a; Policy#: 36)
  Confidentiality, integrity, and authentication mechanisms are implemented to protect SWIFT-related component-to-component or system-to-system data flows.
Initiatives usage
Initiative DisplayName / Initiative Id / Category / State / Type
FedRAMP High / d5264498-16f4-418a-b659-fa7ef418175f / Regulatory Compliance / GA / BuiltIn
FedRAMP Moderate / e95f5a9f-57ad-4d03-bb0b-b1d16db93693 / Regulatory Compliance / GA / BuiltIn
HITRUST/HIPAA / a169a624-5599-4385-a696-c8d643089fab / Regulatory Compliance / GA / BuiltIn
NIST SP 800-53 Rev. 4 / cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f / Regulatory Compliance / GA / BuiltIn
NIST SP 800-53 Rev. 5 / 179d1daa-458f-4e47-8086-2a68d0d6c38f / Regulatory Compliance / GA / BuiltIn
PCI DSS v4 / c676748e-3af9-4e22-bc28-50feed564afb / Regulatory Compliance / GA / BuiltIn
Spain ENS / 175daf90-21e1-4fec-b745-7b4c909aa94c / Regulatory Compliance / GA / BuiltIn
SWIFT CSP-CSCF v2022 / 7bc7cd6c-4114-ff31-3cac-59be3157596d / Regulatory Compliance / GA / BuiltIn
History
Date/Time (UTC, ymd) / Change type / Change detail
2022-09-27 16:35:32 / change / Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 / add / 16c54e01-9e65-7524-7c33-beda48a75779