compliance controls are associated with this Policy definition 'Microsoft Antimalware for Azure should be configured to automatically update protection signatures' (c43e4a30-77cb-48ab-a4dd-93f175c63b57)
Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
Azure_Security_Benchmark_v1.0 |
2.8 |
Azure_Security_Benchmark_v1.0_2.8 |
Azure Security Benchmark 2.8 |
Logging and Monitoring |
Centralize anti-malware logging |
Customer |
Enable antimalware event collection for Azure Virtual Machines and Cloud Services.
How to configure Microsoft Antimalware for Virtual Machines:
https://docs.microsoft.com/powershell/module/servicemanagement/azure/set-azurevmmicrosoftantimalwareextension?view=azuresmps-4.0.0
How to configure Microsoft Antimalware for Cloud Services:
https://docs.microsoft.com/powershell/module/servicemanagement/azure/set-azureserviceantimalwareextension?view=azuresmps-4.0.0
Understand Microsoft Antimalware:
https://docs.microsoft.com/azure/security/fundamentals/antimalware |
n/a |
link |
1 |
Azure_Security_Benchmark_v1.0 |
8.3 |
Azure_Security_Benchmark_v1.0_8.3 |
Azure Security Benchmark 8.3 |
Malware Defense |
Ensure anti-malware software and signatures are updated |
Customer |
Microsoft Antimalware will automatically install the latest signatures and engine updates by default. Follow recommendations in Azure Security Center: "Compute & Apps" to ensure all endpoints are up to date with the latest signatures. For Linux, use third party antimalware solution.
How to deploy Microsoft Antimalware for Azure Cloud Services and Virtual Machines:
https://docs.microsoft.com/azure/security/fundamentals/antimalware |
n/a |
link |
1 |
CMMC_2.0_L2 |
SI.L1-3.14.2 |
CMMC_2.0_L2_SI.L1-3.14.2 |
404 not found |
|
|
|
n/a |
n/a |
|
11 |
CMMC_2.0_L2 |
SI.L1-3.14.4 |
CMMC_2.0_L2_SI.L1-3.14.4 |
404 not found |
|
|
|
n/a |
n/a |
|
3 |
CMMC_2.0_L2 |
SI.L1-3.14.5 |
CMMC_2.0_L2_SI.L1-3.14.5 |
404 not found |
|
|
|
n/a |
n/a |
|
4 |
CMMC_L3 |
SI.1.210 |
CMMC_L3_SI.1.210 |
CMMC L3 SI.1.210 |
System and Information Integrity |
Identify, report, and correct information and information system flaws in a timely manner. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Organizations identify systems that are affected by announced software and firmware flaws including potential vulnerabilities resulting from those flaws and report this information to designated personnel with information security responsibilities. Security-relevant updates include patches, service packs, hot fixes, and anti-virus signatures. Organizations address flaws discovered during security assessments, continuous monitoring, incident response activities, and system error handling. Organizations can take advantage of available resources such as the Common Weakness Enumeration (CWE) database or Common Vulnerabilities and Exposures (CVE) database in remediating flaws discovered in organizational systems.
Organization-defined time periods for updating security-relevant software and firmware may vary based on a variety of factors including the criticality of the update (i.e., severity of the vulnerability related to the discovered flaw). Some types of flaw remediation may require more testing than other types of remediation. |
link |
10 |
CMMC_L3 |
SI.1.211 |
CMMC_L3_SI.1.211 |
CMMC L3 SI.1.211 |
System and Information Integrity |
Provide protection from malicious code at appropriate locations within organizational information systems. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Designated locations include system entry and exit points which may include firewalls, remoteaccess servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities.
Malicious code protection mechanisms include anti-virus signature definitions and reputationbased technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. |
link |
2 |
CMMC_L3 |
SI.1.212 |
CMMC_L3_SI.1.212 |
CMMC L3 SI.1.212 |
System and Information Integrity |
Update malicious code protection mechanisms when new releases are available. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Malicious code protection mechanisms include anti-virus signature definitions and reputationbased technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. |
link |
1 |
CMMC_L3 |
SI.1.213 |
CMMC_L3_SI.1.213 |
CMMC L3 SI.1.213 |
System and Information Integrity |
Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. |
link |
9 |
hipaa |
0201.09j1Organizational.124-09.j |
hipaa-0201.09j1Organizational.124-09.j |
0201.09j1Organizational.124-09.j |
02 Endpoint Protection |
0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code |
Shared |
n/a |
Anti-virus and anti-spyware are installed, operating and updated on all end-user devices to conduct periodic scans of the systems to identify and remove unauthorized software. Server environments for which the server software developer specifically recommends not installing host-based anti-virus and anti-spyware software are addressed via a network-based malware detection (NBMD) solution. |
|
15 |
New_Zealand_ISM |
14.1.9.C.01 |
New_Zealand_ISM_14.1.9.C.01 |
New_Zealand_ISM_14.1.9.C.01 |
14. Software security |
Standard Operating Environments - Maintaining hardened SOEs |
|
n/a |
Whilst a SOE can be sufficiently hardened when it is deployed |
|
16 |
NIST_SP_800-171_R2_3 |
.14.2 |
NIST_SP_800-171_R2_3.14.2 |
NIST SP 800-171 R2 3.14.2 |
System and Information Integrity |
Provide protection from malicious code at designated locations within organizational systems. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Designated locations include system entry and exit points which may include firewalls, remote-access servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. Malicious code protection mechanisms include anti-virus signature definitions and reputation-based technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. [SP 800-83] provides guidance on malware incident prevention. |
link |
18 |
NIST_SP_800-171_R2_3 |
.14.4 |
NIST_SP_800-171_R2_3.14.4 |
NIST SP 800-171 R2 3.14.4 |
System and Information Integrity |
Update malicious code protection mechanisms when new releases are available. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Malicious code protection mechanisms include anti-virus signature definitions and reputation-based technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. |
link |
9 |
NIST_SP_800-171_R2_3 |
.14.5 |
NIST_SP_800-171_R2_3.14.5 |
NIST SP 800-171 R2 3.14.5 |
System and Information Integrity |
Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. |
link |
4 |
RMiT_v1.0 |
10.63 |
RMiT_v1.0_10.63 |
RMiT 10.63 |
Patch and End-of-Life System Management |
Patch and End-of-Life System Management - 10.63 |
Shared |
n/a |
A financial institution must ensure that critical systems are not running on outdated systems with known security vulnerabilities or end-of-life (EOL) technology systems. In this regard, a financial institution must clearly assign responsibilities to identified functions:
(a) to continuously monitor and implement latest patch releases in a timely manner; and
(b) identify critical technology systems that are approaching EOL for further remedial action. |
link |
2 |
SWIFT_CSCF_v2021 |
6.1 |
SWIFT_CSCF_v2021_6.1 |
SWIFT CSCF v2021 6.1 |
Detect Anomalous Activity to Systems or Transaction Records |
Malware Protection |
|
n/a |
Ensure that local SWIFT infrastructure is protected against malware. |
link |
2 |
SWIFT_CSCF_v2022 |
6.1 |
SWIFT_CSCF_v2022_6.1 |
SWIFT CSCF v2022 6.1 |
6. Detect Anomalous Activity to Systems or Transaction Records |
Ensure that local SWIFT infrastructure is protected against malware and act upon results. |
Shared |
n/a |
Anti-malware software from a reputable vendor is installed, kept up-to-date on all systems, and results are considered for appropriate resolving actions. |
link |
29 |