last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Ensure cryptographic mechanisms are under configuration management

Name: Ensure cryptographic mechanisms are under configuration management
Id: b8dad106-6444-5f55-307e-1e1cc9723e39
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_C1199 - Ensure cryptographic mechanisms are under configuration management
Mode: All
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect (default): Manual
Effect (allowed): Manual, Disabled
RBAC Role(s): none
Rule
Aliases
Rule ResourceTypes: IF (1) Microsoft.Resources/subscriptions
Compliance

The following 5 compliance controls are associated with this Policy definition 'Ensure cryptographic mechanisms are under configuration management' (b8dad106-6444-5f55-307e-1e1cc9723e39)

| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| CIS_Azure_1.3.0 | 9.11 | CIS_Azure_1.3.0_9.11 | CIS Microsoft Azure Foundations Benchmark recommendation 9.11 | 9 AppService | Ensure Azure Keyvaults are used to store secrets | Shared | The customer is responsible for implementing this recommendation. | Encryption keys, certificate thumbprints and Managed Identity credentials can be coded into the App Service; this renders them visible as part of the configuration. To maintain the security of these keys, it is better to store them in an Azure Keyvault and reference them from the Keyvault. | link | 9 |
| CIS_Azure_1.4.0 | 9.11 | CIS_Azure_1.4.0_9.11 | CIS Microsoft Azure Foundations Benchmark recommendation 9.11 | 9 AppService | Ensure Azure Keyvaults are Used to Store Secrets | Shared | The customer is responsible for implementing this recommendation. | Encryption keys, certificate thumbprints and Managed Identity credentials can be coded into the App Service; this renders them visible as part of the configuration. To maintain the security of these keys, it is better to store them in an Azure Keyvault and reference them from the Keyvault. | link | 9 |
| FedRAMP_High_R4 | CM-3(6) | FedRAMP_High_R4_CM-3(6) | FedRAMP High CM-3 (6) | Configuration Management | Cryptography Management | Shared | n/a | The organization ensures that cryptographic mechanisms used to provide [Assignment: organization-defined security safeguards] are under configuration management. Supplemental Guidance: Regardless of the cryptographic means employed (e.g., public key, private key, shared secrets), organizations ensure that there are processes and procedures in place to effectively manage those means. For example, if devices use certificates as a basis for identification and authentication, there needs to be a process in place to address the expiration of those certificates. Related control: SC-13. | link | 1 |
| NIST_SP_800-53_R4 | CM-3(6) | NIST_SP_800-53_R4_CM-3(6) | NIST SP 800-53 Rev. 4 CM-3 (6) | Configuration Management | Cryptography Management | Shared | n/a | The organization ensures that cryptographic mechanisms used to provide [Assignment: organization-defined security safeguards] are under configuration management. Supplemental Guidance: Regardless of the cryptographic means employed (e.g., public key, private key, shared secrets), organizations ensure that there are processes and procedures in place to effectively manage those means. For example, if devices use certificates as a basis for identification and authentication, there needs to be a process in place to address the expiration of those certificates. Related control: SC-13. | link | 1 |
| NIST_SP_800-53_R5 | CM-3(6) | NIST_SP_800-53_R5_CM-3(6) | NIST SP 800-53 Rev. 5 CM-3 (6) | Configuration Management | Cryptography Management | Shared | n/a | Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: [Assignment: organization-defined controls]. | link | 1 |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0) |
| 2022-09-02 16:33:37 | add | b8dad106-6444-5f55-307e-1e1cc9723e39 |
Initiatives
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| CIS Microsoft Azure Foundations Benchmark v1.3.0 | 612b5213-9160-4969-8578-1518bd2a000c | Regulatory Compliance | GA | BuiltIn |
| CIS Microsoft Azure Foundations Benchmark v1.4.0 | c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 | Regulatory Compliance | GA | BuiltIn |
| FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn |