AzPolicyAdvertizer

last sync: 2025-Jul-18 17:23:11 UTC

Require encryption on Data Lake Store accounts

Azure BuiltIn Policy definition

Source Azure Portal
Display name Require encryption on Data Lake Store accounts
Id a7ff3161-0087-490a-9ad9-ad6217f4f43a
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Data Lake
Microsoft Learn
Description This policy ensures encryption is enabled on all Data Lake Store accounts
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Fixed
deny
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DataLakeStore/accounts/encryptionState Microsoft.DataLakeStore accounts properties.encryptionState True False
Rule resource types IF (1)
Compliance
The following 4 compliance controls are associated with this Policy definition 'Require encryption on Data Lake Store accounts' (a7ff3161-0087-490a-9ad9-ad6217f4f43a)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 System and Communications Protection Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. Shared Microsoft and the customer share responsibilities for implementing this requirement. Cryptography can be employed to support many security solutions including the protection of controlled unclassified information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Cryptographic standards include FIPSvalidated cryptography and/or NSA-approved cryptography. link 25
CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 System and Communications Protection Protect the confidentiality of CUI at rest. Shared Microsoft and the customer share responsibilities for implementing this requirement. Information at rest refers to the state of information when it is not in process or in transit and is located on storage devices as specific components of systems. The focus of protection at rest is not on the type of storage device or the frequency of access but rather the state of the information. Organizations can use different mechanisms to achieve confidentiality protections, including the use of cryptographic mechanisms and file share scanning. Organizations may also use other controls including secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved or continuous monitoring to identify malicious code at rest. link 13
hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 03 Portable Media Security 0304.09o3Organizational.1-09.o 09.07 Media Handling Shared n/a The organization restricts the use of writable removable media and personally-owned removable media in organizational systems. 8
New_Zealand_ISM 23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 New_Zealand_ISM_23.4.9.C.01 23. Public Cloud Security 23.4.9.C.01 Data protection mechanisms n/a For each cloud service, agencies MUST ensure that the mechanisms used to protect data meet agency requirements. 17
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance GA BuiltIn true
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn unknown
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn unknown
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC