last sync: 2024-Oct-15 17:53:32 UTC

Document wireless access security controls | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Document wireless access security controls
Id 8f835d6a-4d13-9a9c-37dc-176cebd37fda
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1695 - Document wireless access security controls
Additional metadata Name/Id: CMA_C1695 / CMA_C1695
Category: Operational
Title: Document wireless access security controls
Ownership: Customer
Description: Microsoft recommends that your organization document and implement security controls for wireless access to your network, including usage restrictions and configuration/connection requirements
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 16 compliance controls are associated with this Policy definition 'Document wireless access security controls' (8f835d6a-4d13-9a9c-37dc-176cebd37fda)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SI-4(14) FedRAMP_High_R4_SI-4(14) FedRAMP High SI-4 (14) System And Information Integrity Wireless Intrusion Detection Shared n/a The organization employs a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information system. Supplemental Guidance: Wireless signals may radiate beyond the confines of organization- controlled facilities. Organizations proactively search for unauthorized wireless connections including the conduct of thorough scans for unauthorized wireless access points. Scans are not limited to those areas within facilities containing information systems, but also include areas outside of facilities as needed, to verify that unauthorized wireless access points are not connected to the systems. Related controls: AC-18, IA-3. link 1
FedRAMP_Moderate_R4 SI-4(14) FedRAMP_Moderate_R4_SI-4(14) FedRAMP Moderate SI-4 (14) System And Information Integrity Wireless Intrusion Detection Shared n/a The organization employs a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information system. Supplemental Guidance: Wireless signals may radiate beyond the confines of organization- controlled facilities. Organizations proactively search for unauthorized wireless connections including the conduct of thorough scans for unauthorized wireless access points. Scans are not limited to those areas within facilities containing information systems, but also include areas outside of facilities as needed, to verify that unauthorized wireless access points are not connected to the systems. Related controls: AC-18, IA-3. link 1
hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 02 Endpoint Protection 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code Shared n/a Anti-virus and anti-spyware are installed, operating and updated on all end-user devices to conduct periodic scans of the systems to identify and remove unauthorized software. Server environments for which the server software developer specifically recommends not installing host-based anti-virus and anti-spyware software are addressed via a network-based malware detection (NBMD) solution. 14
hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 05 Wireless Security 0504.09m2Organizational.5-09.m 09.06 Network Security Management Shared n/a Firewalls are configured to deny or control any traffic from a wireless environment into the covered data environment. 4
hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 05 Wireless Security 0505.09m2Organizational.3-09.m 09.06 Network Security Management Shared n/a Quarterly scans are performed to identify unauthorized wireless access points, and appropriate action is taken if any unauthorized access points are discovered. 8
hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 06 Configuration Management 0663.10h1System.7-10.h 10.04 Security of System Files Shared n/a The operating system has in place supporting technical controls such as antivirus, file integrity monitoring, host-based (personal) firewalls or port filtering tools, and logging as part of its baseline. 16
hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 08 Network Protection 0825.09m3Organizational.23-09.m 09.06 Network Security Management Shared n/a Technical tools such as an IDS/IPS are implemented and operating on the network perimeter and other key points to identify vulnerabilities, monitor traffic, detect attack attempts and successful compromises, and mitigate threats; and these tools are updated on a regular basis. 7
hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 08 Network Protection 0858.09m1Organizational.4-09.m 09.06 Network Security Management Shared n/a The organization monitors for all authorized and unauthorized wireless access to the information system and prohibits installation of wireless access points (WAPs) unless explicitly authorized in writing by the CIO or his/her designated representative. 7
hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 08 Network Protection 0861.09m2Organizational.67-09.m 09.06 Network Security Management Shared n/a To identify and authenticate devices on local and/or wide area networks, including wireless networks, the information system uses either a (i) shared known information solution, or (ii) an organizational authentication solution, the exact selection and strength of which is dependent on the security categorization of the information system. 7
hipaa 12100.09ab2System.15-09.ab hipaa-12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 12 Audit Logging & Monitoring 12100.09ab2System.15-09.ab 09.10 Monitoring Shared n/a The organization monitors the information system to identify irregularities or anomalies that are indicators of a system malfunction or compromise and help confirm the system is functioning in an optimal, resilient and secure state. 3
hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 12 Audit Logging & Monitoring 1217.09ab3System.3-09.ab 09.10 Monitoring Shared n/a Alerts are generated for technical personnel to analyze and investigate suspicious activity or suspected violations. 5
hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 14 Third Party Assurance 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery Shared n/a The results of monitoring activities of third-party services are compared against the Service Level Agreements or contracts at least annually. 9
hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 15 Incident Management 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a Intrusion detection/information protection system (IDS/IPS) alerts are utilized for reporting information security events. 17
hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 18 Physical & Environmental Security 1812.08b3Organizational.46-08.b 08.01 Secure Areas Shared n/a Intrusion detection systems (e.g., alarms and surveillance equipment) are installed on all external doors and accessible windows, the systems are monitored, and incidents/alarms are investigated. 3
NIST_SP_800-53_R4 SI-4(14) NIST_SP_800-53_R4_SI-4(14) NIST SP 800-53 Rev. 4 SI-4 (14) System And Information Integrity Wireless Intrusion Detection Shared n/a The organization employs a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information system. Supplemental Guidance: Wireless signals may radiate beyond the confines of organization- controlled facilities. Organizations proactively search for unauthorized wireless connections including the conduct of thorough scans for unauthorized wireless access points. Scans are not limited to those areas within facilities containing information systems, but also include areas outside of facilities as needed, to verify that unauthorized wireless access points are not connected to the systems. Related controls: AC-18, IA-3. link 1
NIST_SP_800-53_R5 SI-4(14) NIST_SP_800-53_R5_SI-4(14) NIST SP 800-53 Rev. 5 SI-4 (14) System and Information Integrity Wireless Intrusion Detection Shared n/a Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 8f835d6a-4d13-9a9c-37dc-176cebd37fda
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC