last sync: 2024-Mar-01 17:50:27 UTC

Microsoft Managed Control 1468 - Visitor Access Records | Automated Records Maintenance / Review | Regulatory Compliance - Physical and Environmental Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1468 - Visitor Access Records | Automated Records Maintenance / Review
Id 75603f96-80a1-4757-991d-5a1221765ddd
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Physical and Environmental Protection control
Additional metadata Name/Id: ACF1468 / Microsoft Managed Control 1468
Category: Physical and Environmental Protection
Title: Visitor Access Records | Automated Records Maintenance / Review
Ownership: Microsoft
Description: The organization employs automated mechanisms to facilitate the maintenance and review of visitor access records.
Requirements: Datacenter access records are maintained in DCAT in the form of approved DCAT requests. DCAT requests can only be approved by the Datacenter Management (DCM) team. Access levels within the datacenter are assigned and managed within DCAT. Datacenter access is reviewed quarterly. All access to Azure datacenters is recorded in DCAT and is available for future possible investigations. Visitors are always required to be escorted. The escort’s access within the datacenter is logged within the alarm monitoring system and if necessary can be correlated to the visitor for future review. Visitor access is being reviewed continuously by the assigned escort and by the control room supervisor via CCTV and the alarm monitoring system. Visitors are not provided with access and must always be accompanied by their escorts. Datacenter access records are maintained in DCAT in the form of approved DCAT requests. DCAT is the automated mechanism used to maintain and review visitor access records. DCAT requests can only be approved by the DCM team. Access levels within the datacenter are assigned and managed within DCAT. Datacenter access is reviewed quarterly. All access to Azure datacenters is recorded in DCAT and is available for future possible investigations. Visitors are always required to be escorted. The escort’s access within the datacenter is logged within the alarm monitoring system and if necessary can be correlated to the visitor for future review. Visitor access is being reviewed continuously by the assigned escort and by the control room supervisor via CCTV and the alarm monitoring system. Visitors are not provided with access and must always be accompanied by their escorts.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC