last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Automate flaw remediation

Name Automate flaw remediation
Id a90c4d44-7fac-8e02-6d5b-0d92046b20e6
Version 1.1.0
Category Regulatory Compliance
Description CMA_0027 - Automate flaw remediation
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Manual; Allowed: Manual, Disabled
RBAC Role(s) none
Rule Aliases
Rule ResourceTypes IF (1) Microsoft.Resources/subscriptions
Compliance
The following 8 compliance controls are associated with this Policy definition 'Automate flaw remediation' (a90c4d44-7fac-8e02-6d5b-0d92046b20e6)
Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy#
FedRAMP_High_R4 | SI-2(2) | FedRAMP_High_R4_SI-2(2) | FedRAMP High SI-2 (2) | System And Information Integrity | Automated Flaw Remediation Status | Shared | n/a | The organization employs automated mechanisms [Assignment: organization-defined frequency] to determine the state of information system components with regard to flaw remediation. Supplemental Guidance: Related controls: CM-6, SI-4. | link | 2
FedRAMP_Moderate_R4 | SI-2(2) | FedRAMP_Moderate_R4_SI-2(2) | FedRAMP Moderate SI-2 (2) | System And Information Integrity | Automated Flaw Remediation Status | Shared | n/a | The organization employs automated mechanisms [Assignment: organization-defined frequency] to determine the state of information system components with regard to flaw remediation. Supplemental Guidance: Related controls: CM-6, SI-4. | link | 2
hipaa | 0713.10m2Organizational.5-10.m | hipaa-0713.10m2Organizational.5-10.m | 0713.10m2Organizational.5-10.m | 07 Vulnerability Management | 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management | Shared | n/a | Patches are tested and evaluated before they are installed. | | 5
hipaa | 0718.10m3Organizational.34-10.m | hipaa-0718.10m3Organizational.34-10.m | 0718.10m3Organizational.34-10.m | 07 Vulnerability Management | 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management | Shared | n/a | The organization scans for vulnerabilities in the information system and hosted applications to determine the state of flaw remediation monthly (automatically), and again (manually or automatically) when new vulnerabilities potentially affecting the systems and networked environments are identified and reported. | | 4
hipaa | 0787.10m2Organizational.14-10.m | hipaa-0787.10m2Organizational.14-10.m | 0787.10m2Organizational.14-10.m | 07 Vulnerability Management | 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management | Shared | n/a | Patches installed in the production environment are also installed in the organization's disaster recovery environment in a timely manner. | | 4
hipaa | 1791.10a2Organizational.6-10.a | hipaa-1791.10a2Organizational.6-10.a | 1791.10a2Organizational.6-10.a | 17 Risk Management | 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems | Shared | n/a | Specifications for the security control requirements state automated controls will be incorporated in the information system, supplemented by manual controls as needed, as evidenced throughout the SDLC. | | 5
NIST_SP_800-53_R4 | SI-2(2) | NIST_SP_800-53_R4_SI-2(2) | NIST SP 800-53 Rev. 4 SI-2 (2) | System And Information Integrity | Automated Flaw Remediation Status | Shared | n/a | The organization employs automated mechanisms [Assignment: organization-defined frequency] to determine the state of information system components with regard to flaw remediation. Supplemental Guidance: Related controls: CM-6, SI-4. | link | 2
NIST_SP_800-53_R5 | SI-2(2) | NIST_SP_800-53_R5_SI-2(2) | NIST SP 800-53 Rev. 5 SI-2 (2) | System and Information Integrity | Automated Flaw Remediation Status | Shared | n/a | Determine if system components have applicable security-relevant software and firmware updates installed using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency]. | link | 2
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 | add | a90c4d44-7fac-8e02-6d5b-0d92046b20e6
Initiatives
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn
FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn