last sync: 2025-Mar-26 20:41:27 UTC

Generate internal security alerts | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Generate internal security alerts
Id: 171e377b-5224-4a97-1eaa-62a3b5231dac
Version: 1.1.0
Versioning: Versions supported for Versioning: 1 (1.1.0)
Category: Regulatory Compliance
Description: CMA_C1704 - Generate internal security alerts
Cloud environments: AzureCloud = true; AzureUSGovernment = true; AzureChinaCloud = unknown
Available in AzUSGov: The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata:
  Name/Id: CMA_C1704 / CMA_C1704
  Category: Operational
  Title: Generate internal security alerts
  Ownership: Customer
  Description: The customer is responsible for generating internal security alerts, advisories, and directives as deemed necessary.
  Requirements: The customer is responsible for implementing this recommendation.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default = Manual; Allowed = Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1): Microsoft.Resources/subscriptions
Compliance

The following 13 compliance controls are associated with this Policy definition 'Generate internal security alerts' (171e377b-5224-4a97-1eaa-62a3b5231dac). Each control is listed with its control domain, control name, metadata id, the control's display label, category, title, owner, requirements, description and the number of policies mapped to the control (Policy#).

1. Control domain: CIS_Azure_Foundations_v2.1.0 | Control name: 2.1.18 | Metadata id: CIS_Azure_Foundations_v2.1.0_2.1.18
   Control: CIS Azure Foundations v2.1.0 2.1.18
   Category: Security Monitoring
   Title: Ensure 'Additional email addresses' is Configured with a Security Contact Email
   Owner: Shared
   Requirements: n/a
   Description: Ensure that a security contact email is set up for alerts and notifications.
   Policy#: 3

2. Control domain: CIS_Azure_Foundations_v2.1.0 | Control name: 2.1.19 | Metadata id: CIS_Azure_Foundations_v2.1.0_2.1.19
   Control: CIS Azure Foundations v2.1.0 2.1.19
   Category: Security Monitoring
   Title: Ensure That 'Notify about alerts with the following severity' is Set to 'High'
   Owner: Shared
   Requirements: n/a
   Description: Configure alert notifications to be sent for high-severity issues only.
   Policy#: 3

3. Control domain: CIS_Controls_v8.1 | Control name: 13.11 | Metadata id: CIS_Controls_v8.1_13.11
   Control: CIS Controls v8.1 13.11
   Category: Network Monitoring and Defense
   Title: Tune security event alerting thresholds
   Owner: Shared
   Requirements: Tune security event alerting thresholds monthly, or more frequently.
   Description: To regularly adjust and optimize security event alerting thresholds, aiming to enhance effectiveness.
   Policy#: 50

4. Control domain: CIS_Controls_v8.1 | Control name: 17.2 | Metadata id: CIS_Controls_v8.1_17.2
   Control: CIS Controls v8.1 17.2
   Category: Incident Response Management
   Title: Establish and maintain contact information for reporting security incidents
   Owner: Shared
   Requirements: 1. Establish and maintain contact information for parties that need to be informed of security incidents. 2. Contacts may include internal staff, third-party vendors, law enforcement, cyber insurance providers, relevant government agencies, Information Sharing and Analysis Center (ISAC) partners, or other stakeholders. 3. Verify contacts annually to ensure that information is up-to-date.
   Description: To establish and maintain a comprehensive contact list for entities that need to be notified in the event of security incidents.
   Policy#: 3

5. Control domain: CIS_Controls_v8.1 | Control name: 4.1 | Metadata id: CIS_Controls_v8.1_4.1
   Control: CIS Controls v8.1 4.1
   Category: Secure Configuration of Enterprise Assets and Software
   Title: Establish and maintain a secure configuration process.
   Owner: Shared
   Requirements: 1. Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications). 2. Review and update documentation annually, or when significant enterprise changes occur that could impact this safeguard.
   Description: To ensure data integrity and safety of enterprise assets.
   Policy#: 44

6. Control domain: FedRAMP_High_R4 | Control name: SI-5 | Metadata id: FedRAMP_High_R4_SI-5
   Control: FedRAMP High SI-5
   Category: System And Information Integrity
   Title: Security Alerts, Advisories, And Directives
   Owner: Shared
   Requirements: n/a
   Description: The organization: a. Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis; b. Generates internal security alerts, advisories, and directives as deemed necessary; c. Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and d. Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance. Supplemental Guidance: The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance to security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include, for example, external mission/business partners, supply chain partners, external service providers, and other peer/supporting organizations. Related control: SI-2. References: NIST Special Publication 800-40.
   Policy#: 4

7. Control domain: FedRAMP_Moderate_R4 | Control name: SI-5 | Metadata id: FedRAMP_Moderate_R4_SI-5
   Control: FedRAMP Moderate SI-5
   Category: System And Information Integrity
   Title: Security Alerts, Advisories, And Directives
   Owner: Shared
   Requirements: n/a
   Description: identical to the FedRAMP_High_R4 SI-5 description in entry 6.
   Policy#: 4

8. Control domain: hipaa | Control name: 1222.09ab3System.8-09.ab | Metadata id: hipaa-1222.09ab3System.8-09.ab
   Control: 1222.09ab3System.8-09.ab
   Category: 12 Audit Logging & Monitoring
   Title: 1222.09ab3System.8-09.ab 09.10 Monitoring
   Owner: Shared
   Requirements: n/a
   Description: The organization analyzes and correlates audit records across different repositories using a security information and event management (SIEM) tool or log analytics tools for log aggregation and consolidation from multiple systems/machines/devices, and correlates this information with input from non-technical sources to gain and enhance organization-wide situational awareness. Using the SIEM tool, the organization devises profiles of common events from given systems/machines/devices so that it can tune detection to focus on unusual activity, avoid false positives, more rapidly identify anomalies, and prevent overwhelming analysts with insignificant alerts.
   Policy#: 10

9. Control domain: ISO27001-2013 | Control name: A.6.1.4 | Metadata id: ISO27001-2013_A.6.1.4
   Control: ISO 27001:2013 A.6.1.4
   Category: Organization of Information Security
   Title: Contact with special interest groups
   Owner: Shared
   Requirements: n/a
   Description: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
   Policy#: 6

10. Control domain: NIST_SP_800-53_R4 | Control name: SI-5 | Metadata id: NIST_SP_800-53_R4_SI-5
    Control: NIST SP 800-53 Rev. 4 SI-5
    Category: System And Information Integrity
    Title: Security Alerts, Advisories, And Directives
    Owner: Shared
    Requirements: n/a
    Description: identical to the FedRAMP_High_R4 SI-5 description in entry 6.
    Policy#: 4

11. Control domain: NIST_SP_800-53_R5 | Control name: SI-5 | Metadata id: NIST_SP_800-53_R5_SI-5
    Control: NIST SP 800-53 Rev. 5 SI-5
    Category: System and Information Integrity
    Title: Security Alerts, Advisories, and Directives
    Owner: Shared
    Requirements: n/a
    Description: a. Receive system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis; b. Generate internal security alerts, advisories, and directives as deemed necessary; c. Disseminate security alerts, advisories, and directives to: [Selection (OneOrMore): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and d. Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.
    Policy#: 4

12. Control name: op.exp.7
    Title: Incident management
    Description: 404 not found
    Owner: n/a
    Requirements: n/a
    Policy#: 103

13. Control name: org.2
    Title: Security regulations
    Description: 404 not found
    Owner: n/a
    Requirements: n/a
    Policy#: 100
Initiatives usage

Initiative DisplayName        Initiative Id                         Initiative Category    State  Type     polSet in AzUSGov
CIS Azure Foundations v2.1.0  fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85  Regulatory Compliance  GA     BuiltIn  unknown
CIS Controls v8.1             046796ef-e8a7-4398-bbe9-cce970b1a3ae  Regulatory Compliance  GA     BuiltIn  unknown
FedRAMP High                  d5264498-16f4-418a-b659-fa7ef418175f  Regulatory Compliance  GA     BuiltIn  true
FedRAMP Moderate              e95f5a9f-57ad-4d03-bb0b-b1d16db93693  Regulatory Compliance  GA     BuiltIn  true
HITRUST/HIPAA                 a169a624-5599-4385-a696-c8d643089fab  Regulatory Compliance  GA     BuiltIn  unknown
ISO 27001:2013                89c6cddc-1c73-4ac1-b19c-54d1a15a42f2  Regulatory Compliance  GA     BuiltIn  true
NIST SP 800-53 Rev. 4         cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f  Regulatory Compliance  GA     BuiltIn  true
NIST SP 800-53 Rev. 5         179d1daa-458f-4e47-8086-2a68d0d6c38f  Regulatory Compliance  GA     BuiltIn  true
Spain ENS                     175daf90-21e1-4fec-b745-7b4c909aa94c  Regulatory Compliance  GA     BuiltIn  unknown
History

Date/Time (UTC ymd)  Change type  Change detail
2022-09-27 16:35:32  change       Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40  add          171e377b-5224-4a97-1eaa-62a3b5231dac