AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections

Azure BuiltIn Policy definition

Source Azure Portal
Display name A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections
Id 50b83b09-03da-41c1-b656-c293c914862b
Version 1.0.0
Details on versioning
Category Network
Microsoft Learn
Description This policy ensures that all Azure virtual network gateway connections use a custom Internet Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms and key strengths - https://aka.ms/AA62kb0
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (6)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/connections/ipsecPolicies[*].dhGroup Microsoft.Network connections properties.ipsecPolicies[*].dhGroup True False
Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption Microsoft.Network connections properties.ipsecPolicies[*].ikeEncryption True False
Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity Microsoft.Network connections properties.ipsecPolicies[*].ikeIntegrity True False
Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption Microsoft.Network connections properties.ipsecPolicies[*].ipsecEncryption True False
Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity Microsoft.Network connections properties.ipsecPolicies[*].ipsecIntegrity True False
Microsoft.Network/connections/ipsecPolicies[*].pfsGroup Microsoft.Network connections properties.ipsecPolicies[*].pfsGroup True False
Rule resource types IF (1)
Microsoft.Network/connections
Compliance
The following 2 compliance controls are associated with this Policy definition 'A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections' (50b83b09-03da-41c1-b656-c293c914862b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience Network Resilience - 10.39 Shared n/a A financial institution must implement appropriate safeguards to minimise the risk of a system compromise in one entity affecting other entities within the group. Safeguards implemented may include establishing logical network segmentation for the financial institution from other entities within the group. link 3
RMiT_v1.0 Appendix_5.5 RMiT_v1.0_Appendix_5.5 RMiT Appendix 5.5 Control Measures on Cybersecurity Control Measures on Cybersecurity - Appendix 5.5 Customer n/a Ensure security controls for server-to-server external network connections include the following: (a) server-to-server authentication such as Public Key Infrastructure (PKI) certificate or user ID and password; (b) use of secure tunnels such as Transport Layer Security (TLS) and Virtual Private Network (VPN) IPSec; and (c) deploying staging servers with adequate perimeter defences and protection such as firewall, IPS and antivirus. link 2
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC