compliance controls are associated with this Policy definition 'Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host' (41425d9f-d1a5-499a-9932-f8ed8453932c)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| CMMC_2.0_L2 |
SC.L2-3.13.16 |
CMMC_2.0_L2_SC.L2-3.13.16 |
404 not found |
|
|
|
n/a |
n/a |
|
14 |
| DORA_2022_2554 |
9.3a |
DORA_2022_2554_9.3a |
DORA 2022 2554 9.3a |
9 |
Implement Secure Data Transfer Solutions for ICT Systems |
Shared |
n/a |
Leverage information and communication technology (ICT) solutions and processes that ensure the security of data transfer methods to protect against unauthorized access and data breaches. |
|
49 |
| DORA_2022_2554 |
9.3c |
DORA_2022_2554_9.3c |
DORA 2022 2554 9.3c |
9 |
Prevent Data Availability and Integrity Issues in ICT Systems |
Shared |
n/a |
Implement measures in information and communication technology (ICT) to prevent issues related to data availability, authenticity, integrity, confidentiality breaches, and data loss. |
|
57 |
| EU_GDPR_2016_679_Art. |
24 |
EU_GDPR_2016_679_Art._24 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 |
Chapter 4 - Controller and processor |
Responsibility of the controller |
Shared |
n/a |
n/a |
|
287 |
| EU_GDPR_2016_679_Art. |
25 |
EU_GDPR_2016_679_Art._25 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 |
Chapter 4 - Controller and processor |
Data protection by design and by default |
Shared |
n/a |
n/a |
|
287 |
| EU_GDPR_2016_679_Art. |
28 |
EU_GDPR_2016_679_Art._28 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 |
Chapter 4 - Controller and processor |
Processor |
Shared |
n/a |
n/a |
|
287 |
| EU_GDPR_2016_679_Art. |
32 |
EU_GDPR_2016_679_Art._32 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 |
Chapter 4 - Controller and processor |
Security of processing |
Shared |
n/a |
n/a |
|
287 |
| FedRAMP_High_R4 |
SC-28 |
FedRAMP_High_R4_SC-28 |
FedRAMP High SC-28 |
System And Communications Protection |
Protection Of Information At Rest |
Shared |
n/a |
The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].
Supplemental Guidance: This control addresses the confidentiality and integrity of information at rest and covers user information and system information. Information at rest refers to the state of information when it is located on storage devices as specific components of information systems. System-related information requiring protection includes, for example, configurations or rule sets for firewalls, gateways, intrusion detection/prevention systems, filtering routers, and authenticator content. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing Write-Once-Read-Many (WORM) technologies. Organizations may also employ other security controls including, for example, secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved and/or continuous monitoring to identify malicious code at rest. Related controls: AC-3, AC-6, CA-7, CM-3, CM-5, CM-6, PE-3, SC-8, SC-13, SI-3, SI-7.
References: NIST Special Publications 800-56, 800-57, 800-111. |
link |
16 |
| FedRAMP_High_R4 |
SC-28(1) |
FedRAMP_High_R4_SC-28(1) |
FedRAMP High SC-28 (1) |
System And Communications Protection |
Cryptographic Protection |
Shared |
n/a |
The information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined information] on [Assignment: organization-defined information system components].
Supplemental Guidance: Selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. This control enhancement applies to significant concentrations of digital media in organizational areas designated for media storage and also to limited quantities of media generally associated with information system components in operational environments (e.g., portable storage devices, mobile devices). Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Organizations employing cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions. Related controls: AC-19, SC-12. |
link |
16 |
| FedRAMP_Moderate_R4 |
SC-28 |
FedRAMP_Moderate_R4_SC-28 |
FedRAMP Moderate SC-28 |
System And Communications Protection |
Protection Of Information At Rest |
Shared |
n/a |
The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].
Supplemental Guidance: This control addresses the confidentiality and integrity of information at rest and covers user information and system information. Information at rest refers to the state of information when it is located on storage devices as specific components of information systems. System-related information requiring protection includes, for example, configurations or rule sets for firewalls, gateways, intrusion detection/prevention systems, filtering routers, and authenticator content. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing Write-Once-Read-Many (WORM) technologies. Organizations may also employ other security controls including, for example, secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved and/or continuous monitoring to identify malicious code at rest. Related controls: AC-3, AC-6, CA-7, CM-3, CM-5, CM-6, PE-3, SC-8, SC-13, SI-3, SI-7.
References: NIST Special Publications 800-56, 800-57, 800-111. |
link |
16 |
| FedRAMP_Moderate_R4 |
SC-28(1) |
FedRAMP_Moderate_R4_SC-28(1) |
FedRAMP Moderate SC-28 (1) |
System And Communications Protection |
Cryptographic Protection |
Shared |
n/a |
The information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined information] on [Assignment: organization-defined information system components].
Supplemental Guidance: Selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. This control enhancement applies to significant concentrations of digital media in organizational areas designated for media storage and also to limited quantities of media generally associated with information system components in operational environments (e.g., portable storage devices, mobile devices). Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Organizations employing cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions. Related controls: AC-19, SC-12. |
link |
16 |
| K_ISMS_P_2018 |
2.10.1 |
K_ISMS_P_2018_2.10.1 |
K ISMS P 2018 2.10.1 |
2.10 |
Establish Procedures for Managing the Security of System Operations |
Shared |
n/a |
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. |
|
395 |
| K_ISMS_P_2018 |
2.10.2 |
K_ISMS_P_2018_2.10.2 |
K ISMS P 2018 2.10.2 |
2.10 |
Establish Protective Measures for Administrator Privileges and Security Configurations |
Shared |
n/a |
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. |
|
372 |
| K_ISMS_P_2018 |
2.10.4 |
K_ISMS_P_2018_2.10.4 |
K ISMS P 2018 2.10.4 |
2.10 |
Establish Protective Measures when Working with Electronic Transactions or Fintech Services |
Shared |
n/a |
Establish and implement protective measures such as authentication and encryption to prevent information leakage, data alteration, or fraud when working with electronic transactions and Fintech services. In the event connections to external systems are required, safety must be checked. |
|
42 |
| K_ISMS_P_2018 |
2.7.1b |
K_ISMS_P_2018_2.7.1b |
K ISMS P 2018 2.7.1b |
2.7 |
Ensure Data is Encrypted at Rest and In-Transit |
Shared |
n/a |
Ensure data is encrypted when storing and transmitting personal and important information. |
|
67 |
| NIST_SP_800-171_R2_3 |
.13.16 |
NIST_SP_800-171_R2_3.13.16 |
NIST SP 800-171 R2 3.13.16 |
System and Communications Protection |
Protect the confidentiality of CUI at rest. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Information at rest refers to the state of information when it is not in process or in transit and is located on storage devices as specific components of systems. The focus of protection at rest is not on the type of storage device or the frequency of access but rather the state of the information. Organizations can use different mechanisms to achieve confidentiality protections, including the use of cryptographic mechanisms and file share scanning. Organizations may also use other controls including secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved or continuous monitoring to identify malicious code at rest. See [NIST CRYPTO]. |
link |
18 |
| NIST_SP_800-53_R4 |
SC-28 |
NIST_SP_800-53_R4_SC-28 |
NIST SP 800-53 Rev. 4 SC-28 |
System And Communications Protection |
Protection Of Information At Rest |
Shared |
n/a |
The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].
Supplemental Guidance: This control addresses the confidentiality and integrity of information at rest and covers user information and system information. Information at rest refers to the state of information when it is located on storage devices as specific components of information systems. System-related information requiring protection includes, for example, configurations or rule sets for firewalls, gateways, intrusion detection/prevention systems, filtering routers, and authenticator content. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing Write-Once-Read-Many (WORM) technologies. Organizations may also employ other security controls including, for example, secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved and/or continuous monitoring to identify malicious code at rest. Related controls: AC-3, AC-6, CA-7, CM-3, CM-5, CM-6, PE-3, SC-8, SC-13, SI-3, SI-7.
References: NIST Special Publications 800-56, 800-57, 800-111. |
link |
16 |
| NIST_SP_800-53_R4 |
SC-28(1) |
NIST_SP_800-53_R4_SC-28(1) |
NIST SP 800-53 Rev. 4 SC-28 (1) |
System And Communications Protection |
Cryptographic Protection |
Shared |
n/a |
The information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined information] on [Assignment: organization-defined information system components].
Supplemental Guidance: Selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. This control enhancement applies to significant concentrations of digital media in organizational areas designated for media storage and also to limited quantities of media generally associated with information system components in operational environments (e.g., portable storage devices, mobile devices). Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Organizations employing cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions. Related controls: AC-19, SC-12. |
link |
16 |
| NIST_SP_800-53_R5 |
SC-28 |
NIST_SP_800-53_R5_SC-28 |
NIST SP 800-53 Rev. 5 SC-28 |
System and Communications Protection |
Protection of Information at Rest |
Shared |
n/a |
Protect the [Selection (OneOrMore): confidentiality;integrity] of the following information at rest: [Assignment: organization-defined information at rest]. |
link |
16 |
| NIST_SP_800-53_R5 |
SC-28(1) |
NIST_SP_800-53_R5_SC-28(1) |
NIST SP 800-53 Rev. 5 SC-28 (1) |
System and Communications Protection |
Cryptographic Protection |
Shared |
n/a |
Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: organization-defined system components or media]: [Assignment: organization-defined information]. |
link |
16 |
|
U.05.2 - Cryptographic measures |
U.05.2 - Cryptographic measures |
404 not found |
|
|
|
n/a |
n/a |
|
53 |
|
U.11.3 - Encrypted |
U.11.3 - Encrypted |
404 not found |
|
|
|
n/a |
n/a |
|
52 |