last sync: 2024-Jun-13 18:14:14 UTC

Review exploit protection events | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Review exploit protection events
Id a30bd8e9-7064-312a-0e1f-e1b485d59f6e
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_0472 - Review exploit protection events
Additional metadata Name/Id: CMA_0472 / CMA_0472
Category: Documentation
Title: Review exploit protection events
Ownership: Customer
Description: Microsoft recommends that your organization regularly review and monitor exploits as part of your threat monitoring processes. Attackers can use exploits as a means to access and use a system to take advantage of a bug or vulnerability in a software application or process. It is recommended to configure your threat detection and reporting mechanisms to include exploit events. Your organization may also review historic audit logs to determine if vulnerabilities have been previously exploited and make efforts to avoid the exploits in the future. **How to Use Microsoft Solutions to Implement** Microsoft recommends that your organization review controlled folder access events using advanced hunting in the Microsoft Defender Security Center. Microsoft Defender for Endpoint provides detailed reporting into events and blocks as part of its alert investigation scenarios. You can utilize Microsoft Defender for Endpoint data by using advanced hunting. Use advanced hunting in [to see how controlled folder access settings would affect your environment, if enabled. For more information about Azure Defender, go to: https://docs.microsoft.com/azure/security-center/azure-defender **Learn More** Microsoft Defender for Endpoint: https://docs.microsoft.com/azure/security-center/security-center-wdatp?tabs=windows Use audit logs to track and monitor events in Microsoft Intune: https://aka.ms/AA9ymbh
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 9 compliance controls are associated with this Policy definition 'Review exploit protection events' (a30bd8e9-7064-312a-0e1f-e1b485d59f6e)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Risk Assessment Review Historic Audit Logs Shared n/a The organization reviews historic audit logs to determine if a vulnerability identified in the information system has been previously exploited. Supplemental Guidance: Related control: AU-6. link 15
FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Risk Assessment Review Historic Audit Logs Shared n/a The organization reviews historic audit logs to determine if a vulnerability identified in the information system has been previously exploited. Supplemental Guidance: Related control: AU-6. link 15
hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 02 Endpoint Protection 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code Shared n/a The organization configures malicious code and spam protection mechanisms to (i) perform periodic scans of the information system according to organization guidelines; (ii) perform real-time scans of files from external sources at endpoints and network entry/exit points as the files are downloaded, opened, or executed in accordance with organizational security policy; and, (iii) block malicious code, quarantine malicious code, or send an alert to the administrator in response to malicious code detection. 25
hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 07 Vulnerability Management 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management Shared n/a The technical vulnerability management program is evaluated on a quarterly basis. 20
hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 07 Vulnerability Management 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management Shared n/a The organization reviews historic audit logs to determine if high vulnerability scan findings identified in the information system have been previously exploited. 17
NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Risk Assessment Review Historic Audit Logs Shared n/a The organization reviews historic audit logs to determine if a vulnerability identified in the information system has been previously exploited. Supplemental Guidance: Related control: AU-6. link 15
NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Risk Assessment Review Historic Audit Logs Shared n/a Review historic audit logs to determine if a vulnerability identified in a [Assignment: organization-defined system] has been previously exploited within an [Assignment: organization-defined time period]. link 15
SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 6. Detect Anomalous Activity to Systems or Transaction Records Ensure that local SWIFT infrastructure is protected against malware and act upon results. Shared n/a Anti-malware software from a reputable vendor is installed, kept up-to-date on all systems, and results are considered for appropriate resolving actions. link 31
SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 6. Detect Anomalous Activity to Systems or Transaction Records Record security events and detect anomalous actions and operations within the local SWIFT environment. Shared n/a Capabilities to detect anomalous activity are implemented, and a process or tool is in place to keep and review logs. link 52
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add a30bd8e9-7064-312a-0e1f-e1b485d59f6e
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC