AzPolicyAdvertizer

last sync: 2025-May-23 18:27:10 UTC

Ensure authorized users protect provided authenticators | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Ensure authorized users protect provided authenticators

37dbe3dc-0e9c-24fa-36f2-11197cbfa207

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1339 - Ensure authorized users protect provided authenticators

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'

Additional metadata

Name/Id: CMA_C1339 / CMA_C1339
Category: Operational
Title: Ensure authorized users protect provided authenticators
Ownership: Customer
Description: The customer agency is responsible for ensuring their authorized users protect all provided authenticators, including passwords. Customer agency users should protect authenticators with the classification or sensitivity of the information accessed.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)

Microsoft.Resources/subscriptions

Compliance

The following 7 compliance controls are associated with this Policy definition 'Ensure authorized users protect provided authenticators' (37dbe3dc-0e9c-24fa-36f2-11197cbfa207)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
FedRAMP_High_R4	IA-5(6)	FedRAMP_High_R4_IA-5(6)	FedRAMP High IA-5 (6)	Identification And Authentication	Protection Of Authenticators	Shared	n/a	The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems.	link	1
FedRAMP_Moderate_R4	IA-5(6)	FedRAMP_Moderate_R4_IA-5(6)	FedRAMP Moderate IA-5 (6)	Identification And Authentication	Protection Of Authenticators	Shared	n/a	The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems.	link	1
hipaa	0306.09q1Organizational.3-09.q	hipaa-0306.09q1Organizational.3-09.q	0306.09q1Organizational.3-09.q	03 Portable Media Security	0306.09q1Organizational.3-09.q 09.07 Media Handling	Shared	n/a	The status and location of unencrypted covered information is maintained and monitored.		6
NIST_SP_800-171_R2_3	.5.10	NIST_SP_800-171_R2_3.5.10	NIST SP 800-171 R2 3.5.10	Identification and Authentication	Store and transmit only cryptographically-protected passwords.	Shared	Microsoft and the customer share responsibilities for implementing this requirement.	Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords. See [NIST CRYPTO].	link	9
NIST_SP_800-53_R4	IA-5(6)	NIST_SP_800-53_R4_IA-5(6)	NIST SP 800-53 Rev. 4 IA-5 (6)	Identification And Authentication	Protection Of Authenticators	Shared	n/a	The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems.	link	1
NIST_SP_800-53_R5	IA-5(6)	NIST_SP_800-53_R5_IA-5(6)	NIST SP 800-53 Rev. 5 IA-5 (6)	Identification and Authentication	Protection of Authenticators	Shared	n/a	Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access.	link	1
PCI_DSS_v4.0	8.3.2	PCI_DSS_v4.0_8.3.2	PCI DSS v4.0 8.3.2	Requirement 08: Identify Users and Authenticate Access to System Components	Strong authentication for users and administrators is established and managed	Shared	n/a	Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components.	link	2

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn	true
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA	BuiltIn	true
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn	unknown
NIST SP 800-171 Rev. 2	03055927-78bd-4236-86c0-f36125a10dc9	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	GA	BuiltIn	true
PCI DSS v4	c676748e-3af9-4e22-bc28-50feed564afb	Regulatory Compliance	GA	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29	add	37dbe3dc-0e9c-24fa-36f2-11197cbfa207

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC