AzPolicyAdvertizer

last sync: 2025-Jul-18 17:23:11 UTC

Ensure cryptographic mechanisms are under configuration management | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Ensure cryptographic mechanisms are under configuration management
Id b8dad106-6444-5f55-307e-1e1cc9723e39
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1199 - Ensure cryptographic mechanisms are under configuration management
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Additional metadata Name/Id: CMA_C1199 / CMA_C1199
Category: Operational
Title: Ensure cryptographic mechanisms are under configuration management
Ownership: Customer
Description: The customer is responsible for ensuring that cryptographic mechanisms are under configuration management. Microsoft Azure provides the capability for customers to implement configuration management actions over cryptographic secrets using Key Vault functionality, including granular management of cryptographic keys.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Compliance
The following 11 compliance controls are associated with this Policy definition 'Ensure cryptographic mechanisms are under configuration management' (b8dad106-6444-5f55-307e-1e1cc9723e39)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 9 AppService Ensure Azure Keyvaults are used to store secrets Shared The customer is responsible for implementing this recommendation. Encryption keys ,Certificate thumbprints and Managed Identity Credentials can be coded into the APP service, this renders them visible as part of the configuration, to maintain security of these keys it is better to store in an Azure Keyvault and reference them from the Keyvault. link 9
CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 9 AppService Ensure Azure Keyvaults are Used to Store Secrets Shared The customer is responsible for implementing this recommendation. Encryption keys ,Certificate thumbprints and Managed Identity Credentials can be coded into the APP service, this renders them visible as part of the configuration, to maintain security of these keys it is better to store in an Azure Keyvault and reference them from the Keyvault. link 9
FedRAMP_High_R4 CM-3(6) FedRAMP_High_R4_CM-3(6) FedRAMP High CM-3 (6) Configuration Management Cryptography Management Shared n/a The organization ensures that cryptographic mechanisms used to provide [Assignment: organization-defined security safeguards] are under configuration management. Supplemental Guidance: Regardless of the cryptographic means employed (e.g., public key, private key, shared secrets), organizations ensure that there are processes and procedures in place to effectively manage those means. For example, if devices use certificates as a basis for identification and authentication, there needs to be a process in place to address the expiration of those certificates. Related control: SC-13. link 1
NIST_SP_800-53_R4 CM-3(6) NIST_SP_800-53_R4_CM-3(6) NIST SP 800-53 Rev. 4 CM-3 (6) Configuration Management Cryptography Management Shared n/a The organization ensures that cryptographic mechanisms used to provide [Assignment: organization-defined security safeguards] are under configuration management. Supplemental Guidance: Regardless of the cryptographic means employed (e.g., public key, private key, shared secrets), organizations ensure that there are processes and procedures in place to effectively manage those means. For example, if devices use certificates as a basis for identification and authentication, there needs to be a process in place to address the expiration of those certificates. Related control: SC-13. link 1
NIST_SP_800-53_R5 CM-3(6) NIST_SP_800-53_R5_CM-3(6) NIST SP 800-53 Rev. 5 CM-3 (6) Configuration Management Cryptography Management Shared n/a Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: [Assignment: organization-defined controls]. link 1
op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found n/a n/a 50
op.exp.2 Security configuration op.exp.2 Security configuration 404 not found n/a n/a 112
op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found n/a n/a 123
op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found n/a n/a 78
op.exp.5 Change management op.exp.5 Change management 404 not found n/a n/a 71
op.mon.3 Monitoring op.mon.3 Monitoring 404 not found n/a n/a 51
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA BuiltIn true
CIS Microsoft Azure Foundations Benchmark v1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 Regulatory Compliance GA BuiltIn unknown
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn true
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn true
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn true
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-02 16:33:37 add b8dad106-6444-5f55-307e-1e1cc9723e39
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC