AzPolicyAdvertizer

last sync: 2025-Apr-22 16:46:02 UTC

Certificates using RSA cryptography should have the specified minimum key size

Azure BuiltIn Policy definition

Source Azure Portal
Display name Certificates using RSA cryptography should have the specified minimum key size
Id cee51871-e572-4576-855c-047c820360f0
Version 2.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
2.1.0
Built-in Versioning [Preview]
Category Key Vault
Microsoft Learn
Description Manage your organizational compliance requirements by specifying a minimum key size for RSA certificates stored in your key vault.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '2.1.0'
Repository: Azure-Policy cee51871-e572-4576-855c-047c820360f0
Mode Microsoft.KeyVault.Data
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types none
Compliance
The following 7 compliance controls are associated with this Policy definition 'Certificates using RSA cryptography should have the specified minimum key size' (cee51871-e572-4576-855c-047c820360f0)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found n/a n/a 37
CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found n/a n/a 4
CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 System and Communications Protection Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. Shared Microsoft and the customer share responsibilities for implementing this requirement. Cryptography can be employed to support many security solutions including the protection of controlled unclassified information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Cryptographic standards include FIPSvalidated cryptography and/or NSA-approved cryptography. link 25
CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 System and Communications Protection Protect the authenticity of communications sessions. Shared Microsoft and the customer share responsibilities for implementing this requirement. Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into communications sessions. This requirement addresses communications protection at the session versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. link 8
New_Zealand_ISM 17.2.24.C.01 New_Zealand_ISM_17.2.24.C.01 New_Zealand_ISM_17.2.24.C.01 17. Cryptography 17.2.24.C.01 Using RSA n/a Agencies using RSA, for the approved use of digital signatures and passing encryption session keys or similar keys, MUST use a modulus of at least 3072 bits. 1
NZ_ISM_v3.5 CR-5 NZ_ISM_v3.5_CR-5 NZISM Security Benchmark CR-5 Cryptography 17.2.24 Using RSA Customer n/a A modulus of at least 3072 bits for RSA is considered good practice by the cryptographic community. link 1
RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Information and Cyber Security Digital Signatures-3.8 n/a A Digital Signature Certificate authenticates entity???s identity electronically. It also provides a high level of security for online transactions by ensuring absolute privacy of the information exchanged using a Digital Signature Certificate. NBFCs may consider use of Digital signatures to protect the authenticity and integrity of important electronic documents and also for high value fund transfer. link 7
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Deprecated]: New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance Deprecated BuiltIn unknown
[Preview]: CMMC 2.0 Level 2 4e50fd13-098b-3206-61d6-d1d78205cb45 Regulatory Compliance Preview BuiltIn true
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn unknown
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance GA BuiltIn true
Enforce recommended guardrails for Azure Key Vault Enforce-Guardrails-KeyVault Key Vault GA ALZ
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (2.0.1 > 2.1.0)
2021-08-30 14:27:30 change Patch, old suffix: preview (2.0.0-preview > 2.0.1)
2020-09-02 14:03:46 change Previous DisplayName: [Preview]: Manage minimum key size for RSA certificates
2019-11-19 11:26:09 change Previous DisplayName: [Preview]: Certificate key sizes should be sufficiently large
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC