Source
Azure Portal
Display name
Terminate customer controlled account credentials
Id
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6
Version
1.1.0
Versioning
Versions supported for Versioning: 1 1.1.0 Built-in Versioning [Preview]
Category
Regulatory Compliance
Description
CMA_C1022 - Terminate customer controlled account credentials
Cloud environments
AzureCloud = true AzureUSGovernment = true AzureChinaCloud = unknown
Available in AzUSGov
The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata
Name/Id: CMA_C1022 / CMA_C1022
Category: Operational
Title: Terminate customer controlled account credentials
Ownership: Customer
Description: The customer is responsible for the termination of customer-controlled shared/group account credentials.
Requirements: The customer is responsible for implementing this recommendation.
Mode
All
Type
BuiltIn
Preview
False
Deprecated
False
Effect
Default Manual
Allowed Manual, Disabled
RBAC role(s)
none
Rule aliases
none
Rule resource types
IF (1)
Compliance
The following 10 compliance controls are associated with this Policy definition 'Terminate customer controlled account credentials' (76d66b5c-85e4-93f5-96a5-ebb2fad61dc6)
Control Domain
Control
Name
MetadataId
Category
Title
Owner
Requirements
Description
Info
Policy#
FedRAMP_High_R4
AC-2(10)
FedRAMP_High_R4_AC-2(10)
FedRAMP High AC-2 (10)
Access Control
Shared / Group Account Credential Termination
Shared
n/a
The information system terminates shared/group account credentials when members leave the group.
link
1
FedRAMP_Moderate_R4
AC-2(10)
FedRAMP_Moderate_R4_AC-2(10)
FedRAMP Moderate AC-2 (10)
Access Control
Shared / Group Account Credential Termination
Shared
n/a
The information system terminates shared/group account credentials when members leave the group.
link
1
ISO27001-2013
A.10.1.2
ISO27001-2013_A.10.1.2
ISO 27001:2013 A.10.1.2
Cryptography
Key Management
Shared
n/a
A policy on the use, protection and lifetime of cryptographic keys shall be developed and implemented through their whole lifecycle.
link
15
ISO27001-2013
A.9.3.1
ISO27001-2013_A.9.3.1
ISO 27001:2013 A.9.3.1
Access Control
Use of secret authentication information
Shared
n/a
Users shall be required to follow the organization's practices in the use of secret authentication information.
link
15
mp.s.2 Protection of web services and applications
mp.s.2 Protection of web services and applications
404 not found
n/a
n/a
102
NIST_SP_800-53_R4
AC-2(10)
NIST_SP_800-53_R4_AC-2(10)
NIST SP 800-53 Rev. 4 AC-2 (10)
Access Control
Shared / Group Account Credential Termination
Shared
n/a
The information system terminates shared/group account credentials when members leave the group.
link
1
op.acc.2 Access requirements
op.acc.2 Access requirements
404 not found
n/a
n/a
61
op.acc.5 Authentication mechanism (external users)
op.acc.5 Authentication mechanism (external users)
404 not found
n/a
n/a
69
op.exp.10 Cryptographic key protection
op.exp.10 Cryptographic key protection
404 not found
n/a
n/a
50
PCI_DSS_v4.0
8.2.2
PCI_DSS_v4.0_8.2.2
PCI DSS v4.0 8.2.2
Requirement 08: Identify Users and Authenticate Access to System Components
User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle
Shared
n/a
Group, shared, or generic accounts, or other shared authentication credentials are only used when necessary on an exception basis, and are managed as follows:
• Account use is prevented unless needed for an exceptional circumstance.
• Use is limited to the time needed for the exceptional circumstance.
• Business justification for use is documented.
• Use is explicitly approved by management.
• Individual user identity is confirmed before access to an account is granted.
• Every action taken is attributable to an individual user.
link
4
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov
FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn | true
FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn | true
ISO 27001:2013 | 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 | Regulatory Compliance | GA | BuiltIn | true
NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn | true
PCI DSS v4 | c676748e-3af9-4e22-bc28-50feed564afb | Regulatory Compliance | GA | BuiltIn | true
Spain ENS | 175daf90-21e1-4fec-b745-7b4c909aa94c | Regulatory Compliance | GA | BuiltIn | unknown
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 | add | 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6
JSON compare
version left: 1.0.0
version right: 1.1.0
@@ -3,9 +3,9 @@
3
"policyType": "BuiltIn",
4
"mode": "All",
5
"description": "CMA_C1022 - Terminate customer controlled account credentials",
6
"metadata": {
7
-
"version": "1.0.0",
8
"category": "Regulatory Compliance",
9
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1022"
10
},
11
"parameters": {
@@ -29,9 +29,9 @@
29
},
30
"then": {
31
"effect": "[parameters('effect')]",
32
"details": {
33
-
"defaultState": "NonCompliant"
34
}
35
}
36
}
37
}
3
"policyType": "BuiltIn",
4
"mode": "All",
5
"description": "CMA_C1022 - Terminate customer controlled account credentials",
6
"metadata": {
7
+
"version": "1.1 .0",
8
"category": "Regulatory Compliance",
9
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1022"
10
},
11
"parameters": {
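Review bot: the "version" change at line 7 is recorded as a minor bump (1.0.0 to 1.1.0), but the same revision also changes "defaultState" at line 33, which alters the compliance state this Manual policy reports for a scope that has no attestation. That is a behavioural change for every existing assignment, so the change detail or the "description" field should say so explicitly instead of leaving it to be discovered from the JSON compare.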
29
},
30
"then": {
31
"effect": "[parameters('effect')]",
32
"details": {
33
+
"defaultState": "Unknown "
34
}
35
}
36
}
37
}
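Review bot: "defaultState" at line 33 moves from "NonCompliant" to "Unknown", so under the Manual effect an unattested scope is no longer flagged as non-compliant for CMA_C1022. Since ownership of this control is Customer, the definition should document that termination of shared/group account credentials still has to be recorded through an attestation, and that "Unknown" means the control has not been assessed rather than that it has passed. Reports that previously filtered on NonCompliant to find unattested scopes need to include Unknown after this change.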
JSON
api-version=2021-06-01
{
  displayName: "Terminate customer controlled account credentials",
  policyType: "BuiltIn",
  mode: "All",
  description: "CMA_C1022 - Terminate customer controlled account credentials",
  metadata: {
    version: "1.1.0",
    category: "Regulatory Compliance",
    additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1022"
  },
  parameters: { 1 item },
  policyRule: { 2 items }
}