last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Maintain availability of information

Name Maintain availability of information
Azure Portal
Id 3ad7f0bc-3d03-0585-4d24-529779bb02c2
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1644 - Maintain availability of information
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 11 compliance controls are associated with this Policy definition 'Maintain availability of information' (3ad7f0bc-3d03-0585-4d24-529779bb02c2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 8 Other Security Considerations Ensure the key vault is recoverable Shared The customer is responsible for implementing this recommendation. The key vault contains object keys, secrets and certificates. Accidental unavailability of a key vault can cause immediate data loss or loss of security functions (authentication, validation, verification, non-repudiation, etc.) supported by the key vault objects. It is recommended the key vault be made recoverable by enabling the "Do Not Purge" and "Soft Delete" functions. This is in order to prevent loss of encrypted data including storage accounts, SQL databases, and/or dependent services provided by key vault objects (Keys, Secrets, Certificates) etc., as may happen in the case of accidental deletion by a user or from disruptive activity by a malicious user. link 3
CIS_Azure_1.3.0 8.4 CIS_Azure_1.3.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 8 Other Security Considerations Ensure the key vault is recoverable Shared The customer is responsible for implementing this recommendation. The key vault contains object keys, secrets and certificates. Accidental unavailability of a key vault can cause immediate data loss or loss of security functions (authentication, validation, verification, non-repudiation, etc.) supported by the key vault objects. It is recommended the key vault be made recoverable by enabling the "Do Not Purge" and "Soft Delete" functions. This is in order to prevent loss of encrypted data including storage accounts, SQL databases, and/or dependent services provided by key vault objects (Keys, Secrets, Certificates) etc., as may happen in the case of accidental deletion by a user or from disruptive activity by a malicious user. link 2
CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 9 AppService Ensure Azure Keyvaults are used to store secrets Shared The customer is responsible for implementing this recommendation. Encryption keys ,Certificate thumbprints and Managed Identity Credentials can be coded into the APP service, this renders them visible as part of the configuration, to maintain security of these keys it is better to store in an Azure Keyvault and reference them from the Keyvault. link 9
CIS_Azure_1.4.0 8.6 CIS_Azure_1.4.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 8 Other Security Considerations Ensure the key vault is recoverable Shared The customer is responsible for implementing this recommendation. The key vault contains object keys, secrets and certificates. Accidental unavailability of a key vault can cause immediate data loss or loss of security functions (authentication, validation, verification, non-repudiation, etc.) supported by the key vault objects. It is recommended the key vault be made recoverable by enabling the "Do Not Purge" and "Soft Delete" functions. This is in order to prevent loss of encrypted data including storage accounts, SQL databases, and/or dependent services provided by key vault objects (Keys, Secrets, Certificates) etc., as may happen in the case of accidental deletion by a user or from disruptive activity by a malicious user. link 2
CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 9 AppService Ensure Azure Keyvaults are Used to Store Secrets Shared The customer is responsible for implementing this recommendation. Encryption keys ,Certificate thumbprints and Managed Identity Credentials can be coded into the APP service, this renders them visible as part of the configuration, to maintain security of these keys it is better to store in an Azure Keyvault and reference them from the Keyvault. link 9
FedRAMP_High_R4 SC-12(1) FedRAMP_High_R4_SC-12(1) FedRAMP High SC-12 (1) System And Communications Protection Availability Shared n/a The organization maintains availability of information in the event of the loss of cryptographic keys by users. Supplemental Guidance: Escrowing of encryption keys is a common practice for ensuring availability in the event of loss of keys (e.g., due to forgotten passphrase). link 1
NIST_SP_800-53_R4 SC-12(1) NIST_SP_800-53_R4_SC-12(1) NIST SP 800-53 Rev. 4 SC-12 (1) System And Communications Protection Availability Shared n/a The organization maintains availability of information in the event of the loss of cryptographic keys by users. Supplemental Guidance: Escrowing of encryption keys is a common practice for ensuring availability in the event of loss of keys (e.g., due to forgotten passphrase). link 1
NIST_SP_800-53_R5 SC-12(1) NIST_SP_800-53_R5_SC-12(1) NIST SP 800-53 Rev. 5 SC-12 (1) System and Communications Protection Availability Shared n/a Maintain availability of information in the event of the loss of cryptographic keys by users. link 1
PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Requirement 03: Protect Stored Account Data Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented Shared n/a Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to Protect Stored Account Data. link 9
PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 Requirement 04: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks PAN is protected with strong cryptography during transmission Shared n/a An inventory of the entity’s trusted keys and certificates used to protect PAN during transmission is maintained. link 8
SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 2. Reduce Attack Surface and Vulnerabilities Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. Shared n/a Confidentiality, integrity, and authentication mechanisms are implemented to protect SWIFT-related component-to-component or system-to-system data flows. link 36
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-02 16:33:37 add 3ad7f0bc-3d03-0585-4d24-529779bb02c2
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 Regulatory Compliance GA BuiltIn
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
JSON
changes

JSON