compliance controls are associated with this Policy definition '[Preview]: Container Registry should use a virtual network service endpoint' (c4857be7-912a-4c75-87e6-e30292bcdf78)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| Azure_Security_Benchmark_v1.0 |
1.1 |
Azure_Security_Benchmark_v1.0_1.1 |
Azure Security Benchmark 1.1 |
Network Security |
Protect resources using Network Security Groups or Azure Firewall on your Virtual Network |
Customer |
Ensure that all Virtual Network subnet deployments have a Network Security Group applied with network access controls specific to your application's trusted ports and sources. Use Azure Services with Private Link enabled, deploy the service inside your Vnet, or connect privately using Private Endpoints. For service specific requirements, please refer to the security recommendation for that specific service.
Alternatively, if you have a specific use case, requirements can be met by implementing Azure Firewall.
General Information on Private Link:
https://docs.microsoft.com/azure/private-link/private-link-overview
How to create a Virtual Network:
https://docs.microsoft.com/azure/virtual-network/quick-create-portal
How to create an NSG with a security configuration:
https://docs.microsoft.com/azure/virtual-network/tutorial-filter-network-traffic
How to deploy and configure Azure Firewall:
https://docs.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal |
n/a |
link |
21 |
| hipaa |
0805.01m1Organizational.12-01.m |
hipaa-0805.01m1Organizational.12-01.m |
0805.01m1Organizational.12-01.m |
08 Network Protection |
0805.01m1Organizational.12-01.m 01.04 Network Access Control |
Shared |
n/a |
The organization's security gateways (e.g., firewalls) (i) enforce security policies; (ii) are configured to filter traffic between domains; (iii) block unauthorized access; (iv) are used to maintain segregation between internal wired, internal wireless, and external network segments (e.g., the Internet), including DMZs; and, (vi) enforce access control policies for each of the domains. |
|
12 |
| hipaa |
0806.01m2Organizational.12356-01.m |
hipaa-0806.01m2Organizational.12356-01.m |
0806.01m2Organizational.12356-01.m |
08 Network Protection |
0806.01m2Organizational.12356-01.m 01.04 Network Access Control |
Shared |
n/a |
The organization’s network is logically and physically segmented with a defined security perimeter and a graduated set of controls, including subnetworks for publicly accessible system components that are logically separated from the internal network, based on organizational requirements; traffic is controlled based on functionality required and classification of the data/systems based on a risk assessment and their respective security requirements. |
|
13 |
| hipaa |
0868.09m3Organizational.18-09.m |
hipaa-0868.09m3Organizational.18-09.m |
0868.09m3Organizational.18-09.m |
08 Network Protection |
0868.09m3Organizational.18-09.m 09.06 Network Security Management |
Shared |
n/a |
The organization builds a firewall configuration to restrict inbound and outbound traffic to that which is necessary for the covered data environment. |
|
5 |
| hipaa |
0869.09m3Organizational.19-09.m |
hipaa-0869.09m3Organizational.19-09.m |
0869.09m3Organizational.19-09.m |
08 Network Protection |
0869.09m3Organizational.19-09.m 09.06 Network Security Management |
Shared |
n/a |
The router configuration files are secured and synchronized. |
|
11 |
| hipaa |
0870.09m3Organizational.20-09.m |
hipaa-0870.09m3Organizational.20-09.m |
0870.09m3Organizational.20-09.m |
08 Network Protection |
0870.09m3Organizational.20-09.m 09.06 Network Security Management |
Shared |
n/a |
Access to all proxies is denied, except for those hosts, ports, and services that are explicitly required. |
|
8 |
| hipaa |
0871.09m3Organizational.22-09.m |
hipaa-0871.09m3Organizational.22-09.m |
0871.09m3Organizational.22-09.m |
08 Network Protection |
0871.09m3Organizational.22-09.m 09.06 Network Security Management |
Shared |
n/a |
Authoritative DNS servers are segregated into internal and external roles. |
|
4 |
| hipaa |
0894.01m2Organizational.7-01.m |
hipaa-0894.01m2Organizational.7-01.m |
0894.01m2Organizational.7-01.m |
08 Network Protection |
0894.01m2Organizational.7-01.m 01.04 Network Access Control |
Shared |
n/a |
Networks are segregated from production-level networks when migrating physical servers, applications, or data to virtualized servers. |
|
19 |
| SWIFT_CSCF_v2021 |
1.1 |
SWIFT_CSCF_v2021_1.1 |
SWIFT CSCF v2021 1.1 |
SWIFT Environment Protection |
SWIFT Environment Protection |
|
n/a |
Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. |
link |
30 |