last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Install an alarm system

Name Install an alarm system
Azure Portal
Id aa0ddd99-43eb-302d-3f8f-42b499182960
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_0338 - Install an alarm system
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 22 compliance controls are associated with this Policy definition 'Install an alarm system' (aa0ddd99-43eb-302d-3f8f-42b499182960)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 PE-14(2) FedRAMP_High_R4_PE-14(2) FedRAMP High PE-14 (2) Physical And Environmental Protection Monitoring With Alarms / Notifications Shared n/a The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. link 2
FedRAMP_High_R4 PE-6(1) FedRAMP_High_R4_PE-6(1) FedRAMP High PE-6 (1) Physical And Environmental Protection Intrusion Alarms / Surveillance Equipment Shared n/a The organization monitors physical intrusion alarms and surveillance equipment. link 2
FedRAMP_Moderate_R4 PE-14(2) FedRAMP_Moderate_R4_PE-14(2) FedRAMP Moderate PE-14 (2) Physical And Environmental Protection Monitoring With Alarms / Notifications Shared n/a The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. link 2
FedRAMP_Moderate_R4 PE-6(1) FedRAMP_Moderate_R4_PE-6(1) FedRAMP Moderate PE-6 (1) Physical And Environmental Protection Intrusion Alarms / Surveillance Equipment Shared n/a The organization monitors physical intrusion alarms and surveillance equipment. link 2
hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 05 Wireless Security 0505.09m2Organizational.3-09.m 09.06 Network Security Management Shared n/a Quarterly scans are performed to identify unauthorized wireless access points, and appropriate action is taken if any unauthorized access points are discovered. 8
hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 13 Education, Training and Awareness 1331.02e3Organizational.4-02.e 02.03 During Employment Shared n/a The organization trains workforce members on how to properly respond to perimeter security alarms. 6
hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 18 Physical & Environmental Security 1812.08b3Organizational.46-08.b 08.01 Secure Areas Shared n/a Intrusion detection systems (e.g., alarms and surveillance equipment) are installed on all external doors and accessible windows, the systems are monitored, and incidents/alarms are investigated. 3
hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 18 Physical & Environmental Security 1813.08b3Organizational.56-08.b 08.01 Secure Areas Shared n/a The organization actively monitors unoccupied areas at all times and sensitive and/or restricted areas in real time as appropriate for the area. 4
hipaa 18145.08b3Organizational.7-08.b hipaa-18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 18 Physical & Environmental Security 18145.08b3Organizational.7-08.b 08.01 Secure Areas Shared n/a The organization regularly tests alarms to ensure proper operation. 2
hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18 Physical & Environmental Security 18146.08b3Organizational.8-08.b 08.01 Secure Areas Shared n/a The organization maintains an electronic log of alarm system events and regularly reviews the logs, no less than monthly. 4
hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 18 Physical & Environmental Security 1816.08d2Organizational.4-08.d 08.01 Secure Areas Shared n/a Any security threats presented by neighboring premises are identified. 4
ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical And Environmental Security Physical security perimeter Shared n/a Security perimeters shall be defined and used to protect areas that contain either sensitive or critical information and information processing facilities. link 8
ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Physical And Environmental Security Protecting against external and environmental threats Shared n/a Physical protection against natural disasters, malicious attack or accidents shall be designed and applied. link 9
ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Physical And Environmental Security Delivering and loading areas Shared n/a Access points such as delivery and loading areas and other points where unauthorized persons could enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access. link 5
ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Operations Security Change management Shared n/a Changes to organization, business processes, information processing facilities and systems that affect information security shall be controlled. link 27
NIST_SP_800-171_R2_3 .10.2 NIST_SP_800-171_R2_3.10.2 NIST SP 800-171 R2 3.10.2 Physical Protection Protect and monitor the physical facility and support infrastructure for organizational systems. Shared Microsoft is responsible for implementing this requirement. Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for example, by the employment of guards; the use of sensor devices; or the use of video surveillance equipment such as cameras. Examples of support infrastructure include system distribution, transmission, and power lines. Security controls applied to the support infrastructure prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Physical access controls to support infrastructure include locked wiring closets; disconnected or locked spare jacks; protection of cabling by conduit or cable trays; and wiretapping sensors. link 2
NIST_SP_800-53_R4 PE-14(2) NIST_SP_800-53_R4_PE-14(2) NIST SP 800-53 Rev. 4 PE-14 (2) Physical And Environmental Protection Monitoring With Alarms / Notifications Shared n/a The organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment. link 2
NIST_SP_800-53_R4 PE-6(1) NIST_SP_800-53_R4_PE-6(1) NIST SP 800-53 Rev. 4 PE-6 (1) Physical And Environmental Protection Intrusion Alarms / Surveillance Equipment Shared n/a The organization monitors physical intrusion alarms and surveillance equipment. link 2
NIST_SP_800-53_R5 PE-14(2) NIST_SP_800-53_R5_PE-14(2) NIST SP 800-53 Rev. 5 PE-14 (2) Physical and Environmental Protection Monitoring with Alarms and Notifications Shared n/a Employ environmental control monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment to [Assignment: organization-defined personnel or roles]. link 2
NIST_SP_800-53_R5 PE-6(1) NIST_SP_800-53_R5_PE-6(1) NIST SP 800-53 Rev. 5 PE-6 (1) Physical and Environmental Protection Intrusion Alarms and Surveillance Equipment Shared n/a Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment. link 2
SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Additional Criteria For Availability Environmental protections, software, data back-up processes, and recovery infrastructure Shared The customer is responsible for implementing this recommendation. Identifies Environmental Threats — As part of the risk assessment process, management identifies environmental threats that could impair the availability of the system, including threats resulting from adverse weather, failure of environmental control systems, electrical discharge, fire, and water. • Designs Detection Measures — Detection measures are implemented to identify anomalies that could result from environmental threat events. • Implements and Maintains Environmental Protection Mechanisms — Management implements and maintains environmental protection mechanisms to prevent and mitigate environmental events. • Implements Alerts to Analyze Anomalies — Management implements alerts that are communicated to personnel for analysis to identify environmental threat events. • Responds to Environmental Threat Events — Procedures are in place for responding to environmental threat events and for evaluating the effectiveness of those policies and procedures on a periodic basis. This includes automatic mitigation systems (for example, uninterruptable power system and generator backup subsystem). • Communicates and Reviews Detected Environmental Threat Events — Detected environmental threat events are communicated to and reviewed by the individuals responsible for the management of the system and actions are taken, if necessary. • Determines Data Requiring Backup — Data is evaluated to determine whether backup is required. • Performs Data Backup — Procedures are in place for backing up data, monitoring to detect backup failures, and initiating corrective action when such failures occur. • Addresses Offsite Storage — Backup data is stored in a location at a distance from its principal storage location sufficient that the likelihood of a security or environmental threat event affecting both sets of data is reduced to an appropriate level. • Implements Alternate Processing Infrastructure — Measures are implemented for migrating processing to alternate infrastructure in the event normal processing infrastructure becomes unavailable. 13
SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 3. Physically Secure the Environment Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. Shared n/a Physical security controls are in place to protect access to sensitive equipment, hosting sites, and storage. link 8
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add aa0ddd99-43eb-302d-3f8f-42b499182960
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
JSON
changes

JSON