last sync: 2024-Mar-27 18:49:11 UTC

[Preview]: Azure Recovery Services vaults should use private link for backup

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Azure Recovery Services vaults should use private link for backup
Id deeddb44-9f94-4903-9fa0-081d524406e3
Version 2.0.0-preview
Details on versioning
Category Backup
Microsoft Learn
Description Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Recovery Services vaults, data leakage risks are reduced. Learn more about private links at: https://aka.ms/AB-PrivateEndpoints.
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (4)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.RecoveryServices/vaults/privateEndpointConnections[*] Microsoft.RecoveryServices vaults properties.privateEndpointConnections[*] false
Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].id Microsoft.RecoveryServices vaults properties.privateEndpointConnections[*].id false
Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].privateLinkServiceConnectionState.status Microsoft.RecoveryServices vaults properties.privateEndpointConnections[*].properties.privateLinkServiceConnectionState.status false
Microsoft.RecoveryServices/vaults/privateEndpointConnections[*].provisioningState Microsoft.RecoveryServices vaults properties.privateEndpointConnections[*].properties.provisioningState false
Rule resource types IF (1)
Microsoft.RecoveryServices/vaults
Compliance
The following 5 compliance controls are associated with this Policy definition '[Preview]: Azure Recovery Services vaults should use private link for backup' (deeddb44-9f94-4903-9fa0-081d524406e3)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing Anti-Phishing-14.1 n/a Subscribe to Anti-phishing/anti-rouge app services from external service providers for identifying and taking down phishing websites/rouge applications. 31
RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning Business Continuity Planning (BCP) and Disaster Recovery-6 n/a BCP forms a significant part of an organisation's overall Business Continuity Management plan, which includes policies, standards and procedures to ensure continuity, resumption and recovery of critical business processes. BCP shall be designed to minimise the operational, financial, legal, reputational and other material consequences arising from a disaster. NBFC should adopt a Board approved BCP Policy. The functioning of BCP shall be monitored by the Board by way of periodic reports. The CIO shall be responsible for formulation, review and monitoring of BCP to ensure continued effectiveness. The BCP may have the following salient features link 9
RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Business Continuity Planning Recovery strategy / Contingency Plan-6.2 n/a NBFCs shall try to fully understand the vulnerabilities associated with interrelationships between various systems, departments and business processes. The BCP should come up with the probabilities of various failure scenarios. Evaluation of various options should be done for recovery and the most cost-effective, practical strategy should be selected to minimize losses in case of a disaster. link 8
RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Business Continuity Planning Recovery strategy / Contingency Plan-6.3 n/a NBFCs shall consider the need to put in place necessary backup sites for their critical business systems and Data centers. link 7
RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Business Continuity Planning Recovery strategy / Contingency Plan-6.4 n/a NBFCs shall test the BCP either annually or when significant IT or business changes take place to determine if the entity could be recovered to an acceptable level of business within the timeframe stated in the contingency plan. The test should be based on ???worst case scenarios???. The results along with the gap analysis may be placed before the CIO and the Board. The GAP Analysis along with Board???s insight should form the basis for construction of the updated BCP. link 4
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn
Evaluate Private Link Usage Across All Supported Azure Resources 7379ef4c-89b0-48b6-a5cc-fd3a75eaef93 SDN GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-07-30 15:17:20 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-03-09 14:37:41 add deeddb44-9f94-4903-9fa0-081d524406e3
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC