last sync: 2025-Sep-02 17:23:25 UTC

Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet

Azure BuiltIn Policy definition

Source Azure Portal
Display name Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet
Id 77e8b146-0078-4fb2-b002-e112381199f0
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category SQL
Microsoft Learn
Description Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure SQL Database while ensuring the traffic stays within the Azure boundary.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Fixed
AuditIfNotExists
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId Microsoft.Sql servers/virtualNetworkRules properties.virtualNetworkSubnetId True False
Rule resource types IF (1)
Compliance
The following 7 compliance controls are associated with this Policy definition 'Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet' (77e8b146-0078-4fb2-b002-e112381199f0)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CMMC_L2_v1.9.0 AC.L2_3.1.3 CMMC_L2_v1.9.0_AC.L2_3.1.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AC.L2 3.1.3 Access Control Control CUI Flow Shared Control the flow of CUI in accordance with approved authorizations. To regulate the flow of Controlled Unclassified Information (CUI) in accordance with approved authorizations 45
CMMC_L2_v1.9.0 SC.L2_3.13.6 CMMC_L2_v1.9.0_SC.L2_3.13.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SC.L2 3.13.6 System and Communications Protection Network Communication by Exception Shared Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). To minimise the attack surface and reduce the risk of unauthorized access or malicious activities on their networks. 4
mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found n/a n/a 49
PCI_DSS_v4.0.1 1.3.1 PCI_DSS_v4.0.1_1.3.1 PCI DSS v4.0.1 1.3.1 Install and Maintain Network Security Controls Inbound traffic to the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied Shared n/a Examine configuration standards for NSCs to verify that they define restricting inbound traffic to the CDE is in accordance with all elements specified in this requirement. Examine configurations of NSCs to verify that inbound traffic to the CDE is restricted in accordance with all elements specified in this requirement 4
PCI_DSS_v4.0.1 1.3.2 PCI_DSS_v4.0.1_1.3.2 PCI DSS v4.0.1 1.3.2 Install and Maintain Network Security Controls Outbound traffic from the CDE is restricted to only traffic that is necessary and all other traffic is specifically denied Shared n/a Examine configuration standards for NSCs to verify that they define restricting outbound traffic from the CDE in accordance with all elements specified in this requirement. Examine configurations of NSCs to verify that outbound traffic from the CDE is restricted in accordance with all elements specified in this requirement 4
PCI_DSS_v4.0.1 1.4.2 PCI_DSS_v4.0.1_1.4.2 PCI DSS v4.0.1 1.4.2 Install and Maintain Network Security Controls Inbound traffic from untrusted networks to trusted networks is restricted to communications with system components that are authorized to provide publicly accessible services, protocols, and ports, stateful responses to communications initiated by system components in a trusted network, and all other traffic is denied Shared n/a Examine vendor documentation and configurations of NSCs to verify that inbound traffic from untrusted networks to trusted networks is restricted in accordance with all elements specified in this requirement 4
RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity Control Measures on Cybersecurity - Appendix 5.6 Customer n/a Ensure security controls for remote access to server include the following: (a) restrict access to only hardened and locked down end-point devices; (b) use secure tunnels such as TLS and VPN IPSec; (c) deploy ‘gateway’ server with adequate perimeter defences and protection such as firewall, IPS and antivirus; and (d) close relevant ports immediately upon expiry of remote access. link 19
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 a4087154-2edb-4329-b56a-1cc986807f3c Regulatory Compliance GA BuiltIn unknown
PCI DSS v4.0.1 a06d5deb-24aa-4991-9d58-fa7563154e31 Regulatory Compliance GA BuiltIn unknown
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn unknown
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-07-08 14:28:08 add 77e8b146-0078-4fb2-b002-e112381199f0
JSON compare n/a
JSON
api-version=2021-06-01
EPAC