AzPolicyAdvertizer

last sync: 2025-Sep-18 17:23:10 UTC

Terminate customer controlled account credentials | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Terminate customer controlled account credentials

76d66b5c-85e4-93f5-96a5-ebb2fad61dc6

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1022 - Terminate customer controlled account credentials

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'

Additional metadata

Name/Id: CMA_C1022 / CMA_C1022
Category: Operational
Title: Terminate customer controlled account credentials
Ownership: Customer
Description: The customer is responsible for the termination of customer-controlled shared/group account credentials.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)

Microsoft.Resources/subscriptions

Compliance

The following 10 compliance controls are associated with this Policy definition 'Terminate customer controlled account credentials' (76d66b5c-85e4-93f5-96a5-ebb2fad61dc6)

Rows: 1-10 / 10
Columns:
Select all:
Control Domain
Control
Name
MetadataId
Category
Title
Owner
Requirements
Description
Info
Policy#
Close
Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.3
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Page of 1
Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#

FedRAMP_High_R4	AC-2(10)	FedRAMP_High_R4_AC-2(10)	FedRAMP High AC-2 (10)	Access Control	Shared / Group Account Credential Termination	Shared	n/a	The information system terminates shared/group account credentials when members leave the group.	link	1
FedRAMP_Moderate_R4	AC-2(10)	FedRAMP_Moderate_R4_AC-2(10)	FedRAMP Moderate AC-2 (10)	Access Control	Shared / Group Account Credential Termination	Shared	n/a	The information system terminates shared/group account credentials when members leave the group.	link	1
ISO27001-2013	A.10.1.2	ISO27001-2013_A.10.1.2	ISO 27001:2013 A.10.1.2	Cryptography	Key Management	Shared	n/a	A policy on the use, protection and lifetime of cryptographic keys shall be developed and implemented through their whole lifecycle.	link	15
ISO27001-2013	A.9.3.1	ISO27001-2013_A.9.3.1	ISO 27001:2013 A.9.3.1	Access Control	Use of secret authentication information	Shared	n/a	Users shall be required to follow the organization's practices in the use of secret authentication information.	link	15
	mp.s.2 Protection of web services and applications	mp.s.2 Protection of web services and applications	404 not found				n/a	n/a		102
NIST_SP_800-53_R4	AC-2(10)	NIST_SP_800-53_R4_AC-2(10)	NIST SP 800-53 Rev. 4 AC-2 (10)	Access Control	Shared / Group Account Credential Termination	Shared	n/a	The information system terminates shared/group account credentials when members leave the group.	link	1
	op.acc.2 Access requirements	op.acc.2 Access requirements	404 not found				n/a	n/a		61
	op.acc.5 Authentication mechanism (external users)	op.acc.5 Authentication mechanism (external users)	404 not found				n/a	n/a		69
	op.exp.10 Cryptographic key protection	op.exp.10 Cryptographic key protection	404 not found				n/a	n/a		50
PCI_DSS_v4.0	8.2.2	PCI_DSS_v4.0_8.2.2	PCI DSS v4.0 8.2.2	Requirement 08: Identify Users and Authenticate Access to System Components	User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle	Shared	n/a	Group, shared, or generic accounts, or other shared authentication credentials are only used when necessary on an exception basis, and are managed as follows: • Account use is prevented unless needed for an exceptional circumstance. • Use is limited to the time needed for the exceptional circumstance. • Business justification for use is documented. • Use is explicitly approved by management. • Individual user identity is confirmed before access to an account is granted. • Every action taken is attributable to an individual user.	link	4

Initiatives usage

Rows: 1-6 / 6
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.3
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Page of 1
Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov

FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn	true
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA	BuiltIn	true
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn	true
PCI DSS v4	c676748e-3af9-4e22-bc28-50feed564afb	Regulatory Compliance	GA	BuiltIn	true
Spain ENS	175daf90-21e1-4fec-b745-7b4c909aa94c	Regulatory Compliance	GA	BuiltIn	unknown

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	76d66b5c-85e4-93f5-96a5-ebb2fad61dc6

JSON compare

compare mode: version left: version right:

1.0.0 → 1.1.0 RENAMED Viewed

@@ -3,9 +3,9 @@
     "policyType": "BuiltIn",
     "mode": "All",
     "description": "CMA_C1022 - Terminate customer controlled account credentials",
     "metadata": {
-        "version": "1.0.0",
         "category": "Regulatory Compliance",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1022"
     },
     "parameters": {
@@ -29,9 +29,9 @@
         },
         "then": {
             "effect": "[parameters('effect')]",
             "details": {
-                "defaultState": "NonCompliant"
             }
         }
     }
 }

     "policyType": "BuiltIn",
     "mode": "All",
     "description": "CMA_C1022 - Terminate customer controlled account credentials",
     "metadata": {
+        "version": "1.1.0",
         "category": "Regulatory Compliance",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1022"
     },
     "parameters": {
         },
         "then": {
             "effect": "[parameters('effect')]",
             "details": {
+                "defaultState": "Unknown"
             }
         }
     }
 }

JSON

api-version=2021-06-01
EPAC

{7 itemsdisplayName: "Terminate customer controlled account credentials",
policyType: "BuiltIn",
mode: "All",
description: "CMA_C1022 - Terminate customer controlled account credentials",
metadata: {3 itemsversion: "1.1.0",
category: "Regulatory Compliance",
additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1022"
},
parameters: {1 itemeffect: {4 itemstype: "String",
metadata: {2 itemsdisplayName: "Effect",
description: "Enable or disable the execution of the policy"
},
allowedValues: [2 items"Manual",
"Disabled"
],
defaultValue: "Manual"
}
},
policyRule: {2 itemsif: {2 itemsfield: "type",
equals: "Microsoft.Resources/subscriptions"
},
then: {2 itemseffect: "[parameters('effect')]",
details: {1 itemdefaultState: "Unknown"
}
}
}
}

Terminate customer controlled account credentials | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

TableFilter v0.7.3

TableFilter v0.7.3