compliance controls are associated with this Policy definition 'Require encryption on Data Lake Store accounts' (a7ff3161-0087-490a-9ad9-ad6217f4f43a)
Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
CMMC_L3 |
SC.3.177 |
CMMC_L3_SC.3.177 |
CMMC L3 SC.3.177 |
System and Communications Protection |
Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Cryptography can be employed to support many security solutions including the protection of controlled unclassified information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Cryptographic standards include FIPSvalidated cryptography and/or NSA-approved cryptography. |
link |
25 |
CMMC_L3 |
SC.3.191 |
CMMC_L3_SC.3.191 |
CMMC L3 SC.3.191 |
System and Communications Protection |
Protect the confidentiality of CUI at rest. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Information at rest refers to the state of information when it is not in process or in transit and is located on storage devices as specific components of systems. The focus of protection at rest is not on the type of storage device or the frequency of access but rather the state of the information. Organizations can use different mechanisms to achieve confidentiality protections, including the use of cryptographic mechanisms and file share scanning. Organizations may also use other controls including secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved or continuous monitoring to identify malicious code at rest. |
link |
13 |
hipaa |
0304.09o3Organizational.1-09.o |
hipaa-0304.09o3Organizational.1-09.o |
0304.09o3Organizational.1-09.o |
03 Portable Media Security |
0304.09o3Organizational.1-09.o 09.07 Media Handling |
Shared |
n/a |
The organization restricts the use of writable removable media and personally-owned removable media in organizational systems. |
|
8 |
K_ISMS_P_2018 |
2.10.1 |
K_ISMS_P_2018_2.10.1 |
K ISMS P 2018 2.10.1 |
2.10 |
Establish Procedures for Managing the Security of System Operations |
Shared |
n/a |
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. |
|
455 |
K_ISMS_P_2018 |
2.10.2 |
K_ISMS_P_2018_2.10.2 |
K ISMS P 2018 2.10.2 |
2.10 |
Establish Protective Measures for Administrator Privileges and Security Configurations |
Shared |
n/a |
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. |
|
431 |
K_ISMS_P_2018 |
2.7.1b |
K_ISMS_P_2018_2.7.1b |
K ISMS P 2018 2.7.1b |
2.7 |
Ensure Data is Encrypted at Rest and In-Transit |
Shared |
n/a |
Ensure data is encrypted when storing and transmitting personal and important information. |
|
70 |
New_Zealand_ISM |
23.4.9.C.01 |
New_Zealand_ISM_23.4.9.C.01 |
New_Zealand_ISM_23.4.9.C.01 |
23. Public Cloud Security |
23.4.9.C.01 Data protection mechanisms |
|
n/a |
For each cloud service, agencies MUST ensure that the mechanisms used to protect data meet agency requirements. |
|
17 |