last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations | Regulatory Compliance - System and Information Integrity

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations
Id dd469ae0-71a8-4adc-aafc-de6949ca3339
Version 1.0.1
Category Regulatory Compliance
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1715 / Microsoft Managed Control 1715
Category: System and Information Integrity
Title: Software & Information Integrity | Automated Response To Integrity Violations
Ownership: Customer, Microsoft
Description: The information system automatically cancels deployment and notifies Service Engineer Operations personnel when integrity violations are discovered.
Requirements: Azure provides alerts for integrity violations to the Security Response Team to use in case of suspected incidents. Shutting down the system as a response to an integrity violation would potentially cause operational issues, including outages, and expose the system to availability or denial-of-service risks. The Security Response Team investigates any instance of integrity violation that is suspected of being a security incident and responds according to its operating procedures. Azure software updates are thoroughly reviewed for any unauthorized changes before entering the production environments as part of the Security Development Lifecycle (SDL) and Change and Release Management processes. Any code changes must be reviewed and approved before they are deployed to the environment. Additionally, builds are digitally signed before they are deployed. If the integrity verification fails at deployment, the deployment operation fails, and the process needs to be started over. The deployment engine is configured to notify service engineer personnel upon discovery of discrepancies during integrity verification. Service engineer personnel are notified via email or the creation of DevOps tickets.

Servers: The Windows Server operating systems provide real-time file integrity validation, protection, and recovery of core system files that are installed as part of Windows or authorized Windows system updates. Windows Resource Protection (WRP) automatically detects and restores the original version of protected files if a program uses an unauthorized method to change those files. WRP provides protection for system files using two mechanisms. The first mechanism runs in the background. This protection is triggered after WRP receives a directory change notification for a file in a protected directory. After WRP receives this notification, WRP determines which file was changed. If the file is protected, WRP looks up the file signature in a catalog file to determine if the new file is the correct version. If the file is not the correct version, WRP replaces the new file with the file from the system protected cache folder (if it is in the cache folder) or from the installation source. In addition to WRP, on-demand validation and recovery of core Windows system files are provided using the System File Checker (sfc.exe) tool.

Network Devices: Azure uses the Config Policy Verifier (CPV) and Config Change Reporter (CCR) tools to notify the Azure Networking team of unauthorized changes to network devices on a continuous basis. CPV and CCR automatically send alerts to Incident Management (IcM) regarding deviations from correct operation of security functions. CPV and CCR alert upon system startup and restart and continuously provide event monitoring and alerting to Azure Networking. CPV and CCR are near-real-time solutions that perform scanning on a continuous basis.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations' (dd469ae0-71a8-4adc-aafc-de6949ca3339)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
op.exp.2 Security configuration op.exp.2 Security configuration 404 not found n/a n/a 112
op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found n/a n/a 123
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
Spain ENS | 175daf90-21e1-4fec-b745-7b4c909aa94c | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2022-04-01 20:29:14 | change | Patch (1.0.0 > 1.0.1)