AzPolicyAdvertizer

last sync: 2021-Sep-22 19:36:51 UTC

Azure Policy definition

Infrastructure encryption should be enabled for Azure Database for MySQL servers

Name Infrastructure encryption should be enabled for Azure Database for MySQL servers
Azure Portal
Id 3a58212a-c829-4f13-9872-6371df2fd0b4
Version 1.0.0
details on versioning
Category SQL
Microsoft docs
Description Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-20 13:29:33 add 3a58212a-c829-4f13-9872-6371df2fd0b4
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
[Preview]: NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance Preview
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA
JSON 
{
  "displayName": "Infrastructure encryption should be enabled for Azure Database for MySQL servers",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.",
  "metadata": {
    "version": "1.0.0",
    "category": "SQL"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.DBforMySQL/servers"
        },
        {
          "field": "Microsoft.DBforMySQL/servers/infrastructureEncryption",
          "notEquals": "Enabled"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}