last sync: 2024-Jun-13 18:14:14 UTC

Employ automatic shutdown/restart when violations are detected | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Employ automatic shutdown/restart when violations are detected
Id 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1715 - Employ automatic shutdown/restart when violations are detected
Additional metadata Name/Id: CMA_C1715 / CMA_C1715
Category: Operational
Title: Employ automatic shutdown/restart when violations are detected
Ownership: Customer
Description: The customer is responsible for automatically shutting down or restarting customer-deployed resources, and/or implementing customer-defined security safeguards when integrity violations are discovered.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 13 compliance controls are associated with this Policy definition 'Employ automatic shutdown/restart when violations are detected' (1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SI-7(5) FedRAMP_High_R4_SI-7(5) FedRAMP High SI-7 (5) System And Information Integrity Automated Response To Integrity Violations Shared n/a The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. Supplemental Guidance: Organizations may define different integrity checking and anomaly responses: (i) by type of information (e.g., firmware, software, user data); (ii) by specific information (e.g., boot firmware, boot firmware for a specific types of machines); or (iii) a combination of both. Automatic implementation of specific safeguards within organizational information systems includes, for example, reversing the changes, halting the information system, or triggering audit alerts when unauthorized modifications to critical security files occur. link 1
hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 02 Endpoint Protection 0209.09m3Organizational.7-09.m 09.06 Network Security Management Shared n/a File sharing is disabled on wireless-enabled devices. 6
hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 06 Configuration Management 0626.10h1System.3-10.h 10.04 Security of System Files Shared n/a Operational systems only hold approved programs or executable code. 3
hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 06 Configuration Management 0628.10h1System.6-10.h 10.04 Security of System Files Shared n/a If systems or system components in production are no longer supported by the developer, vendor, or manufacturer, the organization is able to provide evidence of a formal migration plan approved by management to replace the system or system components. 4
hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 06 Configuration Management 0663.10h1System.7-10.h 10.04 Security of System Files Shared n/a The operating system has in place supporting technical controls such as antivirus, file integrity monitoring, host-based (personal) firewalls or port filtering tools, and logging as part of its baseline. 16
hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 06 Configuration Management 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes Shared n/a The integrity of all virtual machine images is ensured at all times by (i) logging and raising an alert for any changes made to virtual machine images, and (ii) making available to the business owner(s) and/or customer(s) through electronic methods (e.g., portals or alerts) the results of a change or move and the subsequent validation of the image's integrity. 12
hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 08 Network Protection 0869.09m3Organizational.19-09.m 09.06 Network Security Management Shared n/a The router configuration files are secured and synchronized. 11
hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 12 Audit Logging & Monitoring 1206.09aa2System.23-09.aa 09.10 Monitoring Shared n/a Auditing is always available while the system is active and tracks key events, success/failed data access, system security configuration changes, privileged or utility use, any alarms raised, activation and de-activation of protection systems (e.g., A/V and IDS), activation and deactivation of identification and authentication mechanisms, and creation and deletion of system-level objects. 6
NIST_SP_800-53_R4 SI-7(5) NIST_SP_800-53_R4_SI-7(5) NIST SP 800-53 Rev. 4 SI-7 (5) System And Information Integrity Automated Response To Integrity Violations Shared n/a The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. Supplemental Guidance: Organizations may define different integrity checking and anomaly responses: (i) by type of information (e.g., firmware, software, user data); (ii) by specific information (e.g., boot firmware, boot firmware for a specific types of machines); or (iii) a combination of both. Automatic implementation of specific safeguards within organizational information systems includes, for example, reversing the changes, halting the information system, or triggering audit alerts when unauthorized modifications to critical security files occur. link 1
NIST_SP_800-53_R5 SI-7(5) NIST_SP_800-53_R5_SI-7(5) NIST SP 800-53 Rev. 5 SI-7 (5) System and Information Integrity Automated Response to Integrity Violations Shared n/a Automatically [Selection (OneOrMore): shut the system down;restart the system;implement [Assignment: organization-defined controls] ] when integrity violations are discovered. link 1
PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Requirement 11: Test Security of Systems and Networks Regularly Network intrusions and unexpected file changes are detected and responded to Shared n/a A change-detection mechanism (for example, file integrity monitoring tools) is deployed as follows: • To alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files • To perform critical file comparisons at least once weekly. link 3
PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Requirement 11: Test Security of Systems and Networks Regularly Unauthorized changes on payment pages are detected and responded to Shared n/a A change- and tamper-detection mechanism is deployed as follows: • To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the HTTP headers and the contents of payment pages as received by the consumer browser. • The mechanism is configured to evaluate the received HTTP header and payment page. • The mechanism functions are performed as follows: – At least once every seven days OR – Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). link 3
SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 6. Detect Anomalous Activity to Systems or Transaction Records Ensure the software integrity of the SWIFT-related components and act upon results. Shared n/a A software integrity check is performed at regular intervals on messaging interface, communication interface, and other SWIFT-related components and results are considered for appropriate resolving actions. link 6
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC