last sync: 2024-Mar-27 18:49:11 UTC

Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption
Id 4708723f-e099-4af1-bbf9-b6df7642e444
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1062 / Microsoft Managed Control 1062
Category: Access Control
Title: Remote Access | Protection Of Confidentiality / Integrity Using Encryption
Ownership: Customer, Microsoft
Description: The information system implements cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.
Requirements: For all asset types, Azure uses cryptographic controls to protect the confidentiality, authenticity and integrity of sensitive data while in transit or at rest. To ensure confidentiality, Azure uses both symmetric and asymmetric keys for encrypting sensitive data to prevent access by unauthorized parties. For example, secrets such as the Storage Key are encrypted using the receiving component’s public key prior to transmission. As part of the component’s deployment, the private key is installed into the runtime environment by leveraging the Azure Certificate Store (WACS) functionality provided by the Fabric. The component uses the private key installed into the WACS to decrypt the secret. To ensure integrity, Azure uses asymmetric keys to protect against unauthorized modification of sensitive data during transmission across components. For example, a component might generate a file, compute a cryptographic checksum over that file’s contents, then sign that checksum with its private key. Upon subsequent access of that file, the component first validates that the file’s contents have not been modified by recomputing the checksum over the current file contents and then verifying the signature, which requires only the public key. Azure uses FIPS 140-2 validated cryptography for access. Azure Remote Desktop Protocol (RDP) and SSL VPN services are configured to use FIPS 140-2 validated TLS 1.2 encryption for access. Encryption is required for all connections. PKI certificates are utilized within Azure on the internal RD gateways and are obtained through the Azure PKI, as are the SSL certificates utilized by access solutions.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a