last sync: 2024-Jun-13 18:14:14 UTC

Automate remote maintenance activities | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Automate remote maintenance activities
Id b8587fce-138f-86e8-33a3-c60768bf1da6
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1402 - Automate remote maintenance activities
Additional metadata Name/Id: CMA_C1402 / CMA_C1402
Category: Operational
Title: Automate remote maintenance activities
Ownership: Customer
Description: The customer is responsible for automating remote maintenance activities to schedule, conduct, and document remote maintenance and repairs of customer-deployed operating systems.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 9 compliance controls are associated with this Policy definition 'Automate remote maintenance activities' (b8587fce-138f-86e8-33a3-c60768bf1da6)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 MA-2(2) FedRAMP_High_R4_MA-2(2) FedRAMP High MA-2 (2) Maintenance Automated Maintenance Activities Shared n/a The organization: (a) Employs automated mechanisms to schedule, conduct, and document maintenance and repairs; and (b) Produces up-to date, accurate, and complete records of all maintenance and repair actions requested, scheduled, in process, and completed. Supplemental Guidance: Related controls: CA-7, MA-3. References: None. link 2
hipaa 1803.08b1Organizational.5-08.b hipaa-1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 18 Physical & Environmental Security 1803.08b1Organizational.5-08.b 08.01 Secure Areas Shared n/a Repairs or modifications to the physical components of a facility which are related to security (e.g., hardware, walls, doors and locks) are documented and retained in accordance with the organization's retention policy. 3
hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 18 Physical & Environmental Security 1819.08j1Organizational.23-08.j 08.02 Equipment Security Shared n/a Maintenance and service are controlled and conducted by authorized personnel in accordance with supplier-recommended intervals, insurance policies and the organization’s maintenance program, taking into account whether this maintenance is performed by personnel on site or external to the organization. 7
hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 18 Physical & Environmental Security 1821.08j2Organizational.3-08.j 08.02 Equipment Security Shared n/a Following maintenance, security controls are checked and verified. 4
hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 18 Physical & Environmental Security 1822.08j2Organizational.2-08.j 08.02 Equipment Security Shared n/a Records of maintenance are maintained. 4
ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Physical And Environmental Security Equipment maintenance Shared n/a Equipment shall be correctly maintained to ensure its continued availability and integrity. link 9
NIST_SP_800-53_R4 MA-2(2) NIST_SP_800-53_R4_MA-2(2) NIST SP 800-53 Rev. 4 MA-2 (2) Maintenance Automated Maintenance Activities Shared n/a The organization: (a) Employs automated mechanisms to schedule, conduct, and document maintenance and repairs; and (b) Produces up-to date, accurate, and complete records of all maintenance and repair actions requested, scheduled, in process, and completed. Supplemental Guidance: Related controls: CA-7, MA-3. References: None. link 2
NIST_SP_800-53_R5 MA-2(2) NIST_SP_800-53_R5_MA-2(2) NIST SP 800-53 Rev. 5 MA-2 (2) Maintenance Automated Maintenance Activities Shared n/a (a) Schedule, conduct, and document maintenance, repair, and replacement actions for the system using [Assignment: organization-defined automated mechanisms]; and (b) Produce up-to date, accurate, and complete records of all maintenance, repair, and replacement actions requested, scheduled, in process, and completed. link 2
op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found n/a n/a 78
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add b8587fce-138f-86e8-33a3-c60768bf1da6
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC