last sync: 2024-Jul-26 18:17:39 UTC

Microsoft Managed Control 1047 - System Use Notification | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1047 - System Use Notification
Id e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1047 / Microsoft Managed Control 1047
Category: Access Control
Title: System Use Notification - U.S. Government System
Ownership: Customer, Microsoft
Description: The information system: Displays to users a system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance and states that: Users are accessing a U.S. Government information system; Information system usage may be monitored, recorded, and subject to audit; Unauthorized use of the information system is prohibited and subject to criminal and civil penalties; and Use of the information system indicates consent to monitoring and recording. This control is not applicable in the information system.
Requirements: All access methods into the Azure production environment include a warning banner prior to administrative login to all servers and network devices. There are two approved messages reviewed by Microsoft Corporate, External, and Legal Affairs (CELA).
The first states: "You are accessing an information system that may contain U.S. Government data. System usage may be monitored, recorded, and subject to audit. Unauthorized use of the system is prohibited and may be subject to criminal and civil penalties. Use of the system indicates consent to monitoring and recording. Administrative personnel remotely accessing the Azure environment:
* Maintain their remote computer in a secure manner, in accordance with organizational security policies and procedures as defined in Microsoft Remote Connectivity Security Policies.
* Only access the Azure environment in execution of operational, deployment, and support responsibilities using only administrative applications or tools directly related to performing these responsibilities.
* Are advised to not knowingly store, transfer into, or process in the Azure environment data exceeding a FIPS 199 High security categorization (FISMA Controlled Unclassified Information)."
An alternate approved wording states: "You are accessing an information system that may contain U.S. Government data. System usage may be monitored, recorded, and subject to audit. Unauthorized use of the system is prohibited and may be subject to criminal and civil penalties. Use of the system indicates consent to monitoring and recording. Administrative personnel remotely accessing the Azure environment: (1) shall maintain their remote computer in a secure manner, in accordance with organizational security policies and procedures as defined in Microsoft Remote Connectivity Security Policies; (2) shall only access the Azure environment in execution of operational, deployment, and support responsibilities using only administrative applications or tools directly related to performing these responsibilities; and (3) shall not knowingly store, transfer into, or process in the Azure environment data exceeding a FIPS 199 Moderate security categorization (FISMA Controlled Unclassified Information)."
A warning message is also presented to users requesting JIT elevation at the JIT access portal, prior to obtaining elevated permissions. This message states: "Warning: You are accessing an information system that may contain sensitive data. System usage may be monitored, recorded, and subject to audit. Unauthorized use of the system is prohibited and may be subject to criminal and civil penalties. Use of the system indicates consent to monitoring and recording. Administrative personnel remotely accessing the Azure environment shall maintain their remote computer in a secure manner in accordance with organizational security policies and procedures as defined in the Microsoft Remote Connectivity Security Policies."
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a