last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates | Regulatory Compliance - Configuration Management

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates
Id 63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Configuration Management control
Additional metadata Name/Id: ACF1177 / Microsoft Managed Control 1177
Category: Configuration Management
Title: Baseline Configuration | Reviews And Updates - Regular Frequency
Ownership: Customer, Microsoft
Description: The organization reviews and updates the baseline configuration of the information system: Annually;
Requirements: Servers The Logging and Monitoring team thoroughly reviews and updates the Azure configuration baselines based on new security configurations or changes to existing security configurations of the OS and components at least annually or when a significant change occurs. Additionally, if business priorities require an update to the operating system image as part of the twice per year semester planning the baselines team works the respective imaging team - Azure RDOS team for Azure Host, Native, and Guest images, and IPAK for Bare Metal and Pilotfish - for updates as appropriate. Any updates to images are scheduled as part of the Change and Release Management process. Network Devices For network devices, the Azure Networking team sets the configuration baselines for network devices using recommended configurations specific to each vendor, and these teams make updates at least annually based upon recommendations from the vendors as well as internal testing, requirements, and feedback. Azure Services Azure utilizes a continuous integration and continuous deployment (CI/CD) model for services, ensuring the software baseliens are updated regularly - in some cases, multiple times per day. Azure service teams maintain software baselines for each asset in the approved software baseline repository, Azure DevOps. This ensures the baselines remain under configuration control. Changes to configuration baselines go through the Security Development Lifecycle (SDL) process, which requires security signoffs prior to production deployment, among other security.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC