last sync: 2024-Jun-14 18:20:16 UTC

Microsoft Managed Control 1619 - Information In Shared Resources | Regulatory Compliance - System and Communications Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1619 - Information In Shared Resources
Id c722e569-cb52-45f3-a643-836547d016e1
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Communications Protection control
Additional metadata Name/Id: ACF1619 / Microsoft Managed Control 1619
Category: System and Communications Protection
Title: Information In Shared Resources
Ownership: Customer, Microsoft
Description: The information system prevents unauthorized and unintended information transfer via shared system resources.
Requirements: In order to transfer residual information on an Azure asset, the user must first access the asset. Azure prevents unauthorized and unintended information transfer by implementing several technical controls within the network, including isolation via VLANs and Network Security Groups (NSGs), and implementing strict flow control via ACLs to Azure from other internal Microsoft networks and from the internet. Strong access controls including multifactor authentication, JIT, and usage of security groups limit any unauthorized or unintended transfer of information through shared resources at an access control level. Azure performs logging and monitoring on all assets as a detective measure as well. Azure follows strict standards for overwriting storage resources before their reuse or the physical destruction of decommissioned hardware. Azure executes a complete deletion of data on customer request and on contract termination. Protection of Virtual Machines (VMs) is provided by hypervisor isolation of the Root OS from the Guest OS and the Guest OS from one another. The hypervisor acts like a micro-kernel and passes all hardware access requests from the Guest OS to the Root OS for processing using a shared-memory interface. This prevents users from obtaining raw read/write/execute access to the system and mitigates the risk of sharing system resources.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC