last sync: 2024-Oct-11 17:51:27 UTC

Route traffic through authenticated proxy network | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Route traffic through authenticated proxy network
Id: d91558ce-5a5c-551b-8fbb-83f793255e09
Version: 1.1.0 (Built-in Versioning [Preview]; versions supported for Versioning: 1, namely 1.1.0)
Category: Regulatory Compliance
Description: CMA_C1633 - Route traffic through authenticated proxy network

Additional metadata
  Name/Id: CMA_C1633 / CMA_C1633
  Category: Operational
  Title: Route traffic through authenticated proxy network
  Ownership: Customer
  Description: The customer is responsible for routing customer-defined information through an authenticated proxy to an external network.
  Requirements: The customer is responsible for implementing this recommendation.

Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default = Manual; Allowed = Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1) Microsoft.Resources/subscriptions
Compliance
The following 10 compliance controls are associated with this Policy definition 'Route traffic through authenticated proxy network' (d91558ce-5a5c-551b-8fbb-83f793255e09)
Control Domain: FedRAMP_High_R4, Control Name: SC-7(8)
  MetadataId: FedRAMP_High_R4_SC-7(8) (FedRAMP High SC-7 (8))
  Category: System And Communications Protection
  Title: Route Traffic To Authenticated Proxy Servers
  Owner: Shared
  Requirements: n/a
  Description: The information system routes [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces. Supplemental Guidance: External networks are networks outside of organizational control. A proxy server is a server (i.e., information system or application) that acts as an intermediary for clients requesting information system resources (e.g., files, connections, web pages, or services) from other organizational servers. Client requests established through an initial connection to the proxy server are evaluated to manage complexity and to provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers providing access to the Internet. Proxy servers support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource Locators (URLs), domain names, and Internet Protocol (IP) addresses. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Related controls: AC-3, AU-2.
  Policy#: 1

Control Domain: FedRAMP_Moderate_R4, Control Name: SC-7(8)
  MetadataId: FedRAMP_Moderate_R4_SC-7(8) (FedRAMP Moderate SC-7 (8))
  Category: System And Communications Protection
  Title: Route Traffic To Authenticated Proxy Servers
  Owner: Shared
  Requirements: n/a
  Description: The information system routes [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces. Supplemental Guidance: External networks are networks outside of organizational control. A proxy server is a server (i.e., information system or application) that acts as an intermediary for clients requesting information system resources (e.g., files, connections, web pages, or services) from other organizational servers. Client requests established through an initial connection to the proxy server are evaluated to manage complexity and to provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers providing access to the Internet. Proxy servers support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource Locators (URLs), domain names, and Internet Protocol (IP) addresses. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Related controls: AC-3, AU-2.
  Policy#: 1

Control Domain: hipaa, Control Name: 0808.10b2System.3-10.b
  MetadataId: hipaa-0808.10b2System.3-10.b (0808.10b2System.3-10.b)
  Category: 08 Network Protection
  Title: 0808.10b2System.3-10.b 10.02 Correct Processing in Applications
  Owner: Shared
  Requirements: n/a
  Description: For any public-facing web applications, application-level firewalls have been implemented to control traffic. For any public-facing applications that are not web-based, the organization has implemented a network-based firewall specific to the application type. If the traffic to the public-facing application is encrypted, the device either sits behind the encryption or is capable of decrypting the traffic prior to analysis.
  Policy#: 2

Control Domain: hipaa, Control Name: 0815.01o2Organizational.123-01.o
  MetadataId: hipaa-0815.01o2Organizational.123-01.o (0815.01o2Organizational.123-01.o)
  Category: 08 Network Protection
  Title: 0815.01o2Organizational.123-01.o 01.04 Network Access Control
  Owner: Shared
  Requirements: n/a
  Description: Requirements for network routing control are based on the access control policy, including positive source and destination checking mechanisms, such as firewall validation of source/destination addresses, and the hiding of internal directory services and IP addresses. The organization designed and implemented network perimeters so that all outgoing network traffic to the Internet passes through at least one application layer filtering proxy server. The proxy supports decrypting network traffic, logging individual TCP sessions, blocking specific URLs, domain names, and IP addresses to implement a blacklist, and applying whitelists of allowed sites that can be accessed through the proxy while blocking all other sites. The organization forces outbound traffic to the Internet through an authenticated proxy server on the enterprise perimeter.
  Policy#: 4

Control Domain: hipaa, Control Name: 0822.09m2Organizational.4-09.m
  MetadataId: hipaa-0822.09m2Organizational.4-09.m (0822.09m2Organizational.4-09.m)
  Category: 08 Network Protection
  Title: 0822.09m2Organizational.4-09.m 09.06 Network Security Management
  Owner: Shared
  Requirements: n/a
  Description: Firewalls restrict inbound and outbound traffic to the minimum necessary.
  Policy#: 7

Control Domain: hipaa, Control Name: 0850.01o1Organizational.12-01.o
  MetadataId: hipaa-0850.01o1Organizational.12-01.o (0850.01o1Organizational.12-01.o)
  Category: 08 Network Protection
  Title: 0850.01o1Organizational.12-01.o 01.04 Network Access Control
  Owner: Shared
  Requirements: n/a
  Description: Routing controls are implemented through security gateways (e.g., firewalls) used between internal and external networks (e.g., the Internet and third-party networks).
  Policy#: 1

Control Domain: hipaa, Control Name: 0870.09m3Organizational.20-09.m
  MetadataId: hipaa-0870.09m3Organizational.20-09.m (0870.09m3Organizational.20-09.m)
  Category: 08 Network Protection
  Title: 0870.09m3Organizational.20-09.m 09.06 Network Security Management
  Owner: Shared
  Requirements: n/a
  Description: Access to all proxies is denied, except for those hosts, ports, and services that are explicitly required.
  Policy#: 8

Control Domain: hipaa, Control Name: 0894.01m2Organizational.7-01.m
  MetadataId: hipaa-0894.01m2Organizational.7-01.m (0894.01m2Organizational.7-01.m)
  Category: 08 Network Protection
  Title: 0894.01m2Organizational.7-01.m 01.04 Network Access Control
  Owner: Shared
  Requirements: n/a
  Description: Networks are segregated from production-level networks when migrating physical servers, applications, or data to virtualized servers.
  Policy#: 19

Control Domain: NIST_SP_800-53_R4, Control Name: SC-7(8)
  MetadataId: NIST_SP_800-53_R4_SC-7(8) (NIST SP 800-53 Rev. 4 SC-7 (8))
  Category: System And Communications Protection
  Title: Route Traffic To Authenticated Proxy Servers
  Owner: Shared
  Requirements: n/a
  Description: The information system routes [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces. Supplemental Guidance: External networks are networks outside of organizational control. A proxy server is a server (i.e., information system or application) that acts as an intermediary for clients requesting information system resources (e.g., files, connections, web pages, or services) from other organizational servers. Client requests established through an initial connection to the proxy server are evaluated to manage complexity and to provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers providing access to the Internet. Proxy servers support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource Locators (URLs), domain names, and Internet Protocol (IP) addresses. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Related controls: AC-3, AU-2.
  Policy#: 1

Control Domain: NIST_SP_800-53_R5, Control Name: SC-7(8)
  MetadataId: NIST_SP_800-53_R5_SC-7(8) (NIST SP 800-53 Rev. 5 SC-7 (8))
  Category: System and Communications Protection
  Title: Route Traffic to Authenticated Proxy Servers
  Owner: Shared
  Requirements: n/a
  Description: Route [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces.
  Policy#: 1
Initiatives usage
Initiative DisplayName    Initiative Id                         Initiative Category    State  Type
FedRAMP High              d5264498-16f4-418a-b659-fa7ef418175f  Regulatory Compliance  GA     BuiltIn
FedRAMP Moderate          e95f5a9f-57ad-4d03-bb0b-b1d16db93693  Regulatory Compliance  GA     BuiltIn
HITRUST/HIPAA             a169a624-5599-4385-a696-c8d643089fab  Regulatory Compliance  GA     BuiltIn
NIST SP 800-53 Rev. 4     cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f  Regulatory Compliance  GA     BuiltIn
NIST SP 800-53 Rev. 5     179d1daa-458f-4e47-8086-2a68d0d6c38f  Regulatory Compliance  GA     BuiltIn
History
Date/Time (UTC ymd)   Change type  Change detail
2022-09-27 16:35:32   change       Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40   add          d91558ce-5a5c-551b-8fbb-83f793255e09