AzPolicyAdvertizer

last sync: 2025-Jul-25 17:39:48 UTC

Ensure authorized users protect provided authenticators | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Ensure authorized users protect provided authenticators
Id 37dbe3dc-0e9c-24fa-36f2-11197cbfa207
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1339 - Ensure authorized users protect provided authenticators
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata Name/Id: CMA_C1339 / CMA_C1339
Category: Operational
Title: Ensure authorized users protect provided authenticators
Ownership: Customer
Description: The customer agency is responsible for ensuring their authorized users protect all provided authenticators, including passwords. Customer agency users should protect authenticators with the classification or sensitivity of the information accessed.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Compliance
The following 7 compliance controls are associated with this Policy definition 'Ensure authorized users protect provided authenticators' (37dbe3dc-0e9c-24fa-36f2-11197cbfa207)
Rows: 1-7 / 7

Columns:

Close

Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IA-5(6) FedRAMP_High_R4_IA-5(6) FedRAMP High IA-5 (6) Identification And Authentication Protection Of Authenticators Shared n/a The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. link 1
FedRAMP_Moderate_R4 IA-5(6) FedRAMP_Moderate_R4_IA-5(6) FedRAMP Moderate IA-5 (6) Identification And Authentication Protection Of Authenticators Shared n/a The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. link 1
hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 03 Portable Media Security 0306.09q1Organizational.3-09.q 09.07 Media Handling Shared n/a The status and location of unencrypted covered information is maintained and monitored. 6
NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Identification and Authentication Store and transmit only cryptographically-protected passwords. Shared Microsoft and the customer share responsibilities for implementing this requirement. Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords. See [NIST CRYPTO]. link 9
NIST_SP_800-53_R4 IA-5(6) NIST_SP_800-53_R4_IA-5(6) NIST SP 800-53 Rev. 4 IA-5 (6) Identification And Authentication Protection Of Authenticators Shared n/a The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. link 1
NIST_SP_800-53_R5 IA-5(6) NIST_SP_800-53_R5_IA-5(6) NIST SP 800-53 Rev. 5 IA-5 (6) Identification and Authentication Protection of Authenticators Shared n/a Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access. link 1
PCI_DSS_v4.0 8.3.2 PCI_DSS_v4.0_8.3.2 PCI DSS v4.0 8.3.2 Requirement 08: Identify Users and Authenticate Access to System Components Strong authentication for users and administrators is established and managed Shared n/a Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components. link 2
Initiatives usage
Rows: 1-7 / 7
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn true
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn true
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn unknown
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn true
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn true
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn true
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn true
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 37dbe3dc-0e9c-24fa-36f2-11197cbfa207
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "CMA_C1339 - Ensure authorized users protect provided authenticators",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Regulatory Compliance",
9
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1339"
10
  },
11
  "parameters": {
@@ -29,9 +29,9 @@
29
  },
30
  "then": {
31
  "effect": "[parameters('effect')]",
32
  "details": {
33
- "defaultState": "NonCompliant"
34
  }
35
  }
36
  }
37
  }
 
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "CMA_C1339 - Ensure authorized users protect provided authenticators",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Regulatory Compliance",
9
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1339"
10
  },
11
  "parameters": {
 
29
  },
30
  "then": {
31
  "effect": "[parameters('effect')]",
32
  "details": {
33
+ "defaultState": "Unknown"
34
  }
35
  }
36
  }
37
  }
JSON
api-version=2021-06-01
EPAC 
{7 items}