last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Geo-redundant storage should be enabled for Storage Accounts

Name Geo-redundant storage should be enabled for Storage Accounts
Azure Portal
Id bf045164-79ba-4215-8f95-f8048dc1780b
Version 1.0.0
details on versioning
Category Storage
Microsoft docs
Description Use geo-redundancy to create highly available applications
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Audit
Allowed
Audit, Disabled
RBAC
Role(s)
none
Rule
Aliases
IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Storage/storageAccounts/sku.name Microsoft.Storage storageAccounts sku.name false
Rule
ResourceTypes
IF (1)
Microsoft.Storage/storageAccounts
Compliance The following 11 compliance controls are associated with this Policy definition 'Geo-redundant storage should be enabled for Storage Accounts' (bf045164-79ba-4215-8f95-f8048dc1780b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Contingency Planning Alternate Storage Site Shared n/a The organization: a. Establishes an alternate storage site including necessary agreements to permit the storage and retrieval of information system backup information; and b. Ensures that the alternate storage site provides information security safeguards equivalent to that of the primary site. Supplemental Guidance: Alternate storage sites are sites that are geographically distinct from primary storage sites. An alternate storage site maintains duplicate copies of information and data in the event that the primary storage site is not available. Items covered by alternate storage site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination of delivery/retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems. Related controls: CP-2, CP-7, CP-9, CP-10, MP-4. References: NIST Special Publication 800-34. link 7
FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Contingency Planning Separation From Primary Site Shared n/a The organization identifies an alternate storage site that is separated from the primary storage site to reduce susceptibility to the same threats. Supplemental Guidance: Threats that affect alternate storage sites are typically defined in organizational assessments of risk and include, for example, natural disasters, structural failures, hostile cyber attacks, and errors of omission/commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites is less relevant. Related control: RA-3. link 6
FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Contingency Planning Alternate Storage Site Shared n/a The organization: a. Establishes an alternate storage site including necessary agreements to permit the storage and retrieval of information system backup information; and b. Ensures that the alternate storage site provides information security safeguards equivalent to that of the primary site. Supplemental Guidance: Alternate storage sites are sites that are geographically distinct from primary storage sites. An alternate storage site maintains duplicate copies of information and data in the event that the primary storage site is not available. Items covered by alternate storage site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination of delivery/retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems. Related controls: CP-2, CP-7, CP-9, CP-10, MP-4. References: NIST Special Publication 800-34. link 7
FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Contingency Planning Separation From Primary Site Shared n/a The organization identifies an alternate storage site that is separated from the primary storage site to reduce susceptibility to the same threats. Supplemental Guidance: Threats that affect alternate storage sites are typically defined in organizational assessments of risk and include, for example, natural disasters, structural failures, hostile cyber attacks, and errors of omission/commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites is less relevant. Related control: RA-3. link 6
NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Contingency Planning Alternate Storage Site Shared n/a The organization: a. Establishes an alternate storage site including necessary agreements to permit the storage and retrieval of information system backup information; and b. Ensures that the alternate storage site provides information security safeguards equivalent to that of the primary site. Supplemental Guidance: Alternate storage sites are sites that are geographically distinct from primary storage sites. An alternate storage site maintains duplicate copies of information and data in the event that the primary storage site is not available. Items covered by alternate storage site agreements include, for example, environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and coordination of delivery/retrieval of backup media. Alternate storage sites reflect the requirements in contingency plans so that organizations can maintain essential missions/business functions despite disruption, compromise, or failure in organizational information systems. Related controls: CP-2, CP-7, CP-9, CP-10, MP-4. References: NIST Special Publication 800-34. link 7
NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Contingency Planning Separation From Primary Site Shared n/a The organization identifies an alternate storage site that is separated from the primary storage site to reduce susceptibility to the same threats. Supplemental Guidance: Threats that affect alternate storage sites are typically defined in organizational assessments of risk and include, for example, natural disasters, structural failures, hostile cyber attacks, and errors of omission/commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites is less relevant. Related control: RA-3. link 6
NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Contingency Planning Alternate Storage Site Shared n/a a. Establish an alternate storage site, including necessary agreements to permit the storage and retrieval of system backup information; and b. Ensure that the alternate storage site provides controls equivalent to that of the primary site. link 7
NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Contingency Planning Separation from Primary Site Shared n/a Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats. link 6
RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services Cloud Services - 10.51 Shared n/a A financial institution is required to consult the Bank prior to the use of public cloud for critical systems. The financial institution is expected to demonstrate that specific risks associated with the use of cloud services for critical systems have been adequately considered and addressed. The risk assessment shall address the risks outlined in paragraph 10.49 as well as the following areas: (a) the adequacy of the overarching cloud adoption strategy of the financial institution including: (i) board oversight over cloud strategy and cloud operational management; (ii) senior management roles and responsibilities on cloud management; (iii) conduct of day-to-day operational management functions; (iv) management and oversight by the financial institution of cloud service providers; (v) quality of risk management and internal control functions; and (vi) strength of in-house competency and experience; (b) the availability of independent, internationally recognised certifications of the cloud service providers, at a minimum, in the following areas: (i) information security management framework, including cryptographic modules such as used for encryption and decryption of user data; and (ii) cloud-specific security controls for protection of customer and counterparty or proprietary information including payment transaction data in use, in storage and in transit; and (c) the degree to which the selected cloud configuration adequately addresses the following attributes: (i) geographical redundancy; (ii) high availability; (iii) scalability; (iv) portability; (v) interoperability; and (vi) strong recovery and resumption capability including appropriate alternate Internet path to protect against potential Internet faults. link 7
SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A Reduce Attack Surface and Vulnerabilities External Transmission Data Protection n/a Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. link 12
SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A 2. Reduce Attack Surface and Vulnerabilities External Transmission Data Protection Customer n/a Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. link 7
History
Date/Time (UTC ymd) (i) Change type Change detail
2019-10-29 23:04:36 add bf045164-79ba-4215-8f95-f8048dc1780b
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: DoD Impact Level 4 8d792a84-723c-4d92-a3c3-e4ed16a2d133 Regulatory Compliance Deprecated BuiltIn
[Preview]: SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a Regulatory Compliance Preview BuiltIn
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
JSON