last sync: 2024-Jul-26 18:17:39 UTC

Prohibit binary/machine-executable code | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Prohibit binary/machine-executable code
Id 8e920169-739d-40b5-3f99-c4d855327bb2
Version 1.1.0
Category Regulatory Compliance
Description CMA_C1717 - Prohibit binary/machine-executable code
Additional metadata Name/Id: CMA_C1717 / CMA_C1717
Category: Operational
Title: Prohibit binary/machine-executable code
Ownership: Customer
Description: The customer is responsible for prohibiting binary/machine-executable code from sources with limited or no warranty and without source code. These restrictions only occur for compelling mission/operational requirements and with the approval of the authorizing official.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default: Manual; Allowed: Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 4 compliance controls are associated with this Policy definition 'Prohibit binary/machine-executable code' (8e920169-739d-40b5-3f99-c4d855327bb2)
Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy#
FedRAMP_High_R4 | SI-7(14) | FedRAMP_High_R4_SI-7(14) | FedRAMP High SI-7 (14) | System And Information Integrity | Binary Or Machine Executable Code | Shared | n/a | The organization: (a) Prohibits the use of binary or machine-executable code from sources with limited or no warranty and without the provision of source code; and (b) Provides exceptions to the source code requirement only for compelling mission/operational requirements and with the approval of the authorizing official. Supplemental Guidance: This control enhancement applies to all sources of binary or machine-executable code including, for example, commercial software/firmware and open source software. Organizations assess software products without accompanying source code from sources with limited or no warranty for potential security impacts. The assessments address the fact that these types of software products may be very difficult to review, repair, or extend, given that organizations, in most cases, do not have access to the original source code, and there may be no owners who could make such repairs on behalf of organizations. Related control: SA-5. | link | 1
hipaa | 0672.10k3System.5-10.k | hipaa-0672.10k3System.5-10.k | 0672.10k3System.5-10.k | 06 Configuration Management | 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes | Shared | n/a | The integrity of all virtual machine images is ensured at all times by (i) logging and raising an alert for any changes made to virtual machine images, and (ii) making available to the business owner(s) and/or customer(s) through electronic methods (e.g., portals or alerts) the results of a change or move and the subsequent validation of the image's integrity. | | 12
hipaa | 1206.09aa2System.23-09.aa | hipaa-1206.09aa2System.23-09.aa | 1206.09aa2System.23-09.aa | 12 Audit Logging & Monitoring | 1206.09aa2System.23-09.aa 09.10 Monitoring | Shared | n/a | Auditing is always available while the system is active and tracks key events, success/failed data access, system security configuration changes, privileged or utility use, any alarms raised, activation and de-activation of protection systems (e.g., A/V and IDS), activation and deactivation of identification and authentication mechanisms, and creation and deletion of system-level objects. | | 6
NIST_SP_800-53_R4 | SI-7(14) | NIST_SP_800-53_R4_SI-7(14) | NIST SP 800-53 Rev. 4 SI-7 (14) | System And Information Integrity | Binary Or Machine Executable Code | Shared | n/a | The organization: (a) Prohibits the use of binary or machine-executable code from sources with limited or no warranty and without the provision of source code; and (b) Provides exceptions to the source code requirement only for compelling mission/operational requirements and with the approval of the authorizing official. Supplemental Guidance: This control enhancement applies to all sources of binary or machine-executable code including, for example, commercial software/firmware and open source software. Organizations assess software products without accompanying source code from sources with limited or no warranty for potential security impacts. The assessments address the fact that these types of software products may be very difficult to review, repair, or extend, given that organizations, in most cases, do not have access to the original source code, and there may be no owners who could make such repairs on behalf of organizations. Related control: SA-5. | link | 1
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 | add | 8e920169-739d-40b5-3f99-c4d855327bb2