last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1637 - Boundary Protection | Fail Secure | Regulatory Compliance - System and Communications Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1637 - Boundary Protection | Fail Secure
Id 4075bedc-c62a-4635-bede-a01be89807f3
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Communications Protection control
Additional metadata Name/Id: ACF1637 / Microsoft Managed Control 1637
Category: System and Communications Protection
Title: Boundary Protection | Fail Secure
Ownership: Microsoft
Description: The information system fails securely in the event of an operational failure of a boundary protection device.
Requirements: Azure deploys geographically separate and redundant boundary protection network devices and Jumpboxesand SSL VPN servers. When an asset fails, it fails securely, and access is restricted to the environment. If Azure network devices, including but not limited to edge routers, access routers, load balancers, aggregation switches, and TORS fail, the affected circuit becomes disconnected, thereby failing securely. A failure of an Azure network device cannot lead to, or cause, information external to the system entering the device, nor can a failure permit unauthorized information release. The built-in redundancy allows Azure assets to fail without influencing availability. Many Azure network devices are configured to reboot in the event of failure, rather than remaining offline.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC