last sync: 2024-Apr-24 17:46:58 UTC

Create alternative actions for identified anomalies | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Create alternative actions for identified anomalies
Id cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1711 - Create alternative actions for identified anomalies
Additional metadata Name/Id: CMA_C1711 / CMA_C1711
Category: Operational
Title: Create alternative actions for identified anomalies
Ownership: Customer
Description: The customer is responsible for security function verification for customer-deployed resources and whether shutdown, restart, and/or an alternative customer-defined action is taken when anomalies are discovered.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 10 compliance controls are associated with this Policy definition 'Create alternative actions for identified anomalies' (cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 System And Information Integrity Security Function Verification Shared n/a The information system: a. Verifies the correct operation of [Assignment: organization-defined security functions]; b. Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]]; c. Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and d. [Selection (one or more): shuts the information system down; restarts the information system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered. Supplemental Guidance: Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights. Related controls: CA-7, CM-6. References: None. link 4
FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 System And Information Integrity Security Function Verification Shared n/a The information system: a. Verifies the correct operation of [Assignment: organization-defined security functions]; b. Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]]; c. Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and d. [Selection (one or more): shuts the information system down; restarts the information system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered. Supplemental Guidance: Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights. Related controls: CA-7, CM-6. References: None. link 4
hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 02 Endpoint Protection 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code Shared n/a Scans for malicious software are performed on boot and every 12 hours. 11
hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 17 Risk Management 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems Shared n/a Where additional functionality is supplied and causes a security risk, the functionality is disabled or mitigated through application of additional controls. 5
NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 System And Information Integrity Security Function Verification Shared n/a The information system: a. Verifies the correct operation of [Assignment: organization-defined security functions]; b. Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]]; c. Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and d. [Selection (one or more): shuts the information system down; restarts the information system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered. Supplemental Guidance: Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights. Related controls: CA-7, CM-6. References: None. link 4
NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 System and Information Integrity Security and Privacy Function Verification Shared n/a a. Verify the correct operation of [Assignment: organization-defined security and privacy functions]; b. Perform the verification of the functions specified in SI-6a [Selection (OneOrMore): [Assignment: organization-defined system transitional states] ;upon command by user with appropriate privilege; [Assignment: organization-defined frequency] ] ; c. Alert [Assignment: organization-defined personnel or roles] to failed security and privacy verification tests; and d. [Selection (OneOrMore): Shut the system down;Restart the system; [Assignment: organization-defined alternative action(s)] ] when anomalies are discovered. link 4
PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Requirement 10: Log and Monitor All Access to System Components and Cardholder Data Failures of critical security control systems are detected, reported, and responded to promptly Shared n/a Failures of critical security control systems are detected, alerted, and addressed promptly, including but not limited to failure of the following critical security control systems: • Network security controls • IDS/IPS • FIM • Anti-malware solutions • Physical access controls • Logical access controls • Audit logging mechanisms • Segmentation controls (if used) link 5
PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Requirement 10: Log and Monitor All Access to System Components and Cardholder Data Failures of critical security control systems are detected, reported, and responded to promptly Shared n/a Failures of critical security control systems are detected, alerted, and addressed promptly, including but not limited to failure of the following critical security control systems: • Network security controls • IDS/IPS • Change-detection mechanisms • Anti-malware solutions • Physical access controls • Logical access controls • Audit logging mechanisms • Segmentation controls (if used) • Audit log review mechanisms • Automated security testing tools (if used) link 5
PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Requirement 10: Log and Monitor All Access to System Components and Cardholder Data Failures of critical security control systems are detected, reported, and responded to promptly Shared n/a Failures of any critical security controls systems are responded to promptly, including but not limited to: • Restoring security functions. • Identifying and documenting the duration (date and time from start to end) of the security failure. • Identifying and documenting the cause(s) of failure and documenting required remediation. • Identifying and addressing any security issues that arose during the failure. • Determining whether further actions are required as a result of the security failure. • Implementing controls to prevent the cause of failure from reoccurring. • Resuming monitoring of security controls. link 4
SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 8. Set and Monitor Performance Ensure availability, capacity, and quality of services to customers Shared n/a Ensure availability, capacity, and quality of services to customers link 7
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC