last sync: 2024-Feb-21 20:03:25 UTC

Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection | Regulatory Compliance - Audit and Accountability

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection
Id 90b60a09-133d-45bc-86ef-b206a6134bbe
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Audit and Accountability control
Additional metadata Name/Id: ACF1133 / Microsoft Managed Control 1133
Category: Audit and Accountability
Title: Protection Of Audit Information | Cryptographic Protection
Ownership: Customer, Microsoft
Description: The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.
Requirements: Azure cryptographically protects all audit log data stored within the Azure Storage accounts used for audit log retention as a native feature of Azure Storage. In addition, Kusto and Jarvis storage is read-only by design, and once logs are ingested and stored, cannot be altered or deleted in any way. Audit tooling is protected in the same method as all other Azure code, via the code signing process as part of the Security Development Lifecycle (SDL) implementation and System Lockdown validation, currently operating in Audit Mode. System Lockdown alerts the affected Azure service team when unsigned code is installed and run within Azure. When Enforcement Mode is activated, System Lockdown will block unsigned code.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a