AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Configure detection whitelist | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Configure detection whitelist
Id 2927e340-60e4-43ad-6b5f-7a1468232cc2
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_0068 - Configure detection whitelist
Additional metadata Name/Id: CMA_0068 / CMA_0068
Category: Documentation
Title: Configure detection whitelist
Ownership: Customer
Description: Microsoft recommends that your organization set up the exclusion of specific IP addresses or users from detections through a security scanning mechanism. Excluding specific entities/users from triggering alerts can minimize false positives, this facilitating the identification of true positives. It is also recommended to add exclusions to detections carefully and after verification, in order to minimize the creation of blind spots. How to Use Microsoft Solutions to Implement: Your organization can configure detection exclusion mechanisms to exclude specific IP addresses or identities from security scanning. Select **Launch Now** and select **Detection** > **Configuration** > **Exclusions** within Microsoft Defender for Identity settings to enter a user account or IP address to be excluded from the detection, for each type of threat. You can also select the **+** sign to add searchable entity (user or computer) and will autofill with entities in your network. [Launch Now](https://aka.ms/AAb2lea) https://docs.microsoft.com/azure/security-center/azure-defender Learn more: [Configure detection exclusions](https://aka.ms/AAb2m2m)
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 21 compliance controls are associated with this Policy definition 'Configure detection whitelist' (2927e340-60e4-43ad-6b5f-7a1468232cc2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Security Assessment And Authorization Continuous Monitoring Shared n/a The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of security-related information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4. References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. link 3
FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Security Assessment And Authorization Continuous Monitoring Shared n/a The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of security-related information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4. References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. link 3
hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06 Configuration Management 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance Shared n/a The organization has developed a continuous monitoring strategy and implemented a continuous monitoring program. 7
hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06 Configuration Management 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance Shared n/a The internal security organization reviews and maintains records of compliance results (e.g., organization-defined metrics) in order to better track security trends within the organization, respond to the results of correlation and analysis, and address longer term areas of concern as part of its formal risk assessment process. 7
hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 08 Network Protection 0824.09m3Organizational.1-09.m 09.06 Network Security Management Shared n/a The impact of the loss of network service to the business is defined. 10
hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 08 Network Protection 0835.09n1Organizational.1-09.n 09.06 Network Security Management Shared n/a Agreed services provided by a network service provider/manager are formally managed and monitored to ensure they are provided securely. 7
ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance Compliance with security policies and standards Shared n/a Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements. link 36
ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. The organization shall determine: a) what needs to be monitored and measured, including information security processes and controls. link 3
ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. The organization shall determine: b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results. link 3
ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. c) when the monitoring and measuring shall be performed. The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. d) who shall monitor and measure; The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. e) when the results from monitoring and measurement shall be analysed and evaluated. The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. f) who shall analyse and evaluate these results. The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Security Assessment Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. Shared Microsoft and the customer share responsibilities for implementing this requirement. Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess and analyze security controls and information security-related risks at a frequency sufficient to support risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Providing access to security information on a continuing basis through reports or dashboards gives organizational officials the capability to make effective and timely risk management decisions. Automation supports more frequent updates to hardware, software, firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Monitoring requirements, including the need for specific monitoring, may also be referenced in other requirements. [SP 800-137] provides guidance on continuous monitoring. link 3
NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Security Assessment And Authorization Continuous Monitoring Shared n/a The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of security-related information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4. References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. link 3
NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Assessment, Authorization, and Monitoring Continuous Monitoring Shared n/a Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes: a. Establishing the following system-level metrics to be monitored: [Assignment: organization-defined system-level metrics]; b. Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; c. Ongoing control assessments in accordance with the continuous monitoring strategy; d. Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy; e. Correlation and analysis of information generated by control assessments and monitoring; f. Response actions to address results of the analysis of control assessment and monitoring information; and g. Reporting the security and privacy status of the system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. link 3
op.mon.2 Metrics system op.mon.2 Metrics system 404 not found n/a n/a 3
org.2 Security regulations org.2 Security regulations 404 not found n/a n/a 100
PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 Requirement 12: Support Information Security with Organizational Policies and Programs PCI DSS compliance is managed Shared n/a Reviews are performed at least once every three months, by personnel other than those responsible for performing the given task to confirm personnel are performing their tasks, in accordance with all security policies and all operational procedures, including but not limited to the following tasks: • Daily log reviews. • Configuration reviews for network security controls. • Applying configuration standards to new systems. • Responding to security alerts. • Change-management processes. link 6
PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 Requirement 12: Support Information Security with Organizational Policies and Programs PCI DSS compliance is managed Shared n/a Reviews conducted in accordance with Requirement 12.4.2 are documented to include: • Results of the reviews. • Documented remediation actions taken for any tasks that were found to not be performed at Requirement 12.4.2. • Review and sign-off of results by personnel assigned responsibility for the PCI DSS compliance program. link 7
SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 Control Activities COSO Principle 12 Shared The customer is responsible for implementing this recommendation. Establishes Policies and Procedures to Support Deployment of Management’s Directives — Management establishes control activities that are built into business processes and employees’ day-to-day activities through policies establishing what is expected and relevant procedures specifying actions. • Establishes Responsibility and Accountability for Executing Policies and Procedures — Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside. • Performs in a Timely Manner — Responsible personnel perform control activities in a timely manner as defined by the policies and procedures. • Takes Corrective Action — Responsible personnel investigate and act on matters identified as a result of executing control activities. • Performs Using Competent Personnel — Competent personnel with sufficient authority perform control activities with diligence and continuing focus. • Reassesses Policies and Procedures — Management periodically reviews control activities to determine their continued relevance and refreshes them when necessary 4
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 2927e340-60e4-43ad-6b5f-7a1468232cc2
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC