| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1106 - Audit Events | Reviews And Updates | ||
| Id | d2b4feae-61ab-423f-a4c5-0e38ac4464d8 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Audit and Accountability control | ||
| Additional metadata |
Name/Id: ACF1106 / Microsoft Managed Control 1106 Category: Audit and Accountability Title: Audit Events | Reviews And Updates Ownership: Customer, Microsoft Description: The organization reviews and updates the audited events annually or whenever a change occurs in the threat environment as defined by authoritative sources. Requirements: C+AI Security reviews the events to be audited within Azure at least annually using several sources of input, including the Security Engineering Team, Service Engineer Operations, the Security Manager, the Azure Program Manager, Azure LiveSite Engineers, Azure security architects, incident management personnel, Azure security analysts, and system operators to determine whether the list of auditable events is adequate to support after-the-fact investigations of security incidents. C+AI Security also reviews the events to be audited whenever changes in the threat environment are identified internally or communicated to Azure by the FedRAMP JAB, DISA/DoD authorizing officials, and other regulators as required. If updates are needed, C+AI Security updates the list upon completion of the review. In addition to the annual and threat-based reviews, C+AI Security performs ongoing reviews of rule sets when Security Response Team Tier 2 personnel process events. If the rule sets are deemed insufficient because of an event review, after being vetted by the Security Response Team leader, feature requests are placed into the bug tracking tool to change rules to the auditable events. These changes are subject to peer review. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|