Source | Azure Portal | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Display name | Isolate information spills | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Id | 22457e81-3ec6-5271-a786-c3ca284601dd | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Version | 1.1.0 Details on versioning |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Category | Regulatory Compliance Microsoft Learn |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Description | CMA_0346 - Isolate information spills | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Additional metadata |
Name/Id: CMA_0346 / CMA_0346 Category: Operational Title: Isolate information spills Ownership: Customer Description: Microsoft recommends that your organization isolate any contaminated information system or system component involved in an information spill. Your organization should consider creating and maintaining an overall security incident response plan. Incidents of data spillage may occur at any time. Therefore, you should be prepared to deal with these incidents immediately. It is recommended that you identify and document the steps that the organization follows in spillage scenarios to access, identify, and delete data. Automate manual repetitive tasks to speed up response time and reduce the burden on analysts. Manual tasks take longer to execute, slowing each incident and reducing how many incidents an analyst can handle. Manual tasks also increase analyst fatigue, which increases the risk of human error that causes delays, and degrades the ability of analysts to focus effectively on complex tasks. Use workflow automation features in Azure Security Center and Azure Sentinel to automatically trigger actions or run a playbook to respond to incoming security alerts. The playbook takes actions, such as sending notifications, disabling accounts, and isolating problematic networks. Learn more: https://docs.microsoft.com/security/benchmark/azure/security-controls-v2-incident-response#ir-6-containment-eradication-and-recovery--automate-the-incident-handling https://docs.microsoft.com/azure/security-center/workflow-automation https://docs.microsoft.com/azure/security-center/tutorial-security-incident#triage-security-alerts Requirements: The customer is responsible for implementing this recommendation. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Mode | All | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Type | BuiltIn | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Preview | False | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Deprecated | False | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Effect | Default Manual Allowed Manual, Disabled |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
RBAC role(s) | none | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Rule aliases | none | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Rule resource types | IF (1) Microsoft.Resources/subscriptions |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Compliance |
The following 4 compliance controls are associated with this Policy definition 'Isolate information spills' (22457e81-3ec6-5271-a786-c3ca284601dd)
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Initiatives usage |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
History |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
JSON compare |
compare mode:
version left:
version right:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
JSON |
|