last sync: 2024-Oct-11 17:51:27 UTC

Enforce software execution privileges | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Enforce software execution privileges
Id: 68d2e478-3b19-23eb-1357-31b296547457
Version: 1.1.0
Versioning:
  Versions supported for Versioning: 1
    1.1.0
  Built-in Versioning [Preview]
Category: Regulatory Compliance
Description: CMA_C1041 - Enforce software execution privileges
Additional metadata:
  Name/Id: CMA_C1041 / CMA_C1041
  Category: Operational
  Title: Enforce software execution privileges
  Ownership: Customer
  Description: The customer is responsible for enforcing software execution privileges on customer-deployed resources.
  Requirements: The customer is responsible for implementing this recommendation.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect:
  Default: Manual
  Allowed: Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1)
  Microsoft.Resources/subscriptions
Compliance
The following 9 compliance controls are associated with this Policy definition 'Enforce software execution privileges' (68d2e478-3b19-23eb-1357-31b296547457)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | AC-6(8) | FedRAMP_High_R4_AC-6(8) | FedRAMP High AC-6 (8) | Access Control | Privilege Levels For Code Execution | Shared | n/a | The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software. Supplemental Guidance: In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations. | link | 1 |
| hipaa | 1146.01c2System.23-01.c | hipaa-1146.01c2System.23-01.c | 1146.01c2System.23-01.c | 11 Access Control | 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems | Shared | n/a | The organization promotes the development and use of programs that avoid the need to run with elevated privileges and system routines to avoid the need to grant privileges to users. | | 8 |
| hipaa | 1232.09c3Organizational.12-09.c | hipaa-1232.09c3Organizational.12-09.c | 1232.09c3Organizational.12-09.c | 12 Audit Logging & Monitoring | 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures | Shared | n/a | Access for individuals responsible for administering access controls is limited to the minimum necessary based upon each user's role and responsibilities and these individuals cannot access audit functions related to these controls. | | 21 |
| hipaa | 1276.09c2Organizational.2-09.c | hipaa-1276.09c2Organizational.2-09.c | 1276.09c2Organizational.2-09.c | 12 Audit Logging & Monitoring | 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures | Shared | n/a | Security audit activities are independent. | | 18 |
| hipaa | 1451.05iCSPOrganizational.2-05.i | hipaa-1451.05iCSPOrganizational.2-05.i | 1451.05iCSPOrganizational.2-05.i | 14 Third Party Assurance | 1451.05iCSPOrganizational.2-05.i 05.02 External Parties | Shared | n/a | Cloud service providers design and implement controls to mitigate and contain data security risks through proper separation of duties, role-based access, and least-privilege access for all personnel within their supply chain. | | 21 |
| NIST_SP_800-53_R4 | AC-6(8) | NIST_SP_800-53_R4_AC-6(8) | NIST SP 800-53 Rev. 4 AC-6 (8) | Access Control | Privilege Levels For Code Execution | Shared | n/a | The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software. Supplemental Guidance: In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations. | link | 1 |
| NIST_SP_800-53_R5 | AC-6(8) | NIST_SP_800-53_R5_AC-6(8) | NIST SP 800-53 Rev. 5 AC-6 (8) | Access Control | Privilege Levels for Code Execution | Shared | n/a | Prevent the following software from executing at higher privilege levels than users executing the software: [Assignment: organization-defined software]. | link | 1 |
op.exp.2 Security configuration op.exp.2 Security configuration 404 not found n/a n/a 112
op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found n/a n/a 123
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn |
| HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn |
| Spain ENS | 175daf90-21e1-4fec-b745-7b4c909aa94c | Regulatory Compliance | GA | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0) |
| 2022-09-19 17:41:40 | add | 68d2e478-3b19-23eb-1357-31b296547457 |