| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| CIS_Azure_1.3.0 | 4.2.4 | CIS_Azure_1.3.0_4.2.4 | CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 | 4 Database Services | Ensure that VA setting Send scan reports to is configured for a SQL server | Shared | The customer is responsible for implementing this recommendation. | Configure 'Send scan reports to' with email ids of concerned data owners/stakeholders for a critical SQL servers. | link | 3 |
| CIS_Azure_1.3.0 | 4.2.5 | CIS_Azure_1.3.0_4.2.5 | CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 | 4 Database Services | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Shared | The customer is responsible for implementing this recommendation. | Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'. | link | 3 |
| CIS_Azure_1.4.0 | 4.2.4 | CIS_Azure_1.4.0_4.2.4 | CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 | 4 Database Services | Ensure that VA setting 'Send scan reports to' is configured for a SQL server | Shared | The customer is responsible for implementing this recommendation. | Configure 'Send scan reports to' with email ids of concerned data owners/stakeholders for a critical SQL servers. | link | 3 |
| CIS_Azure_1.4.0 | 4.2.5 | CIS_Azure_1.4.0_4.2.5 | CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 | 4 Database Services | Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server | Shared | The customer is responsible for implementing this recommendation. | Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'. | link | 3 |
| FedRAMP_High_R4 | RA-5(10) | FedRAMP_High_R4_RA-5(10) | FedRAMP High RA-5 (10) | Risk Assessment | Correlate Scanning Information | Shared | n/a | The organization correlates the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors. | link | 1 |
| NIST_SP_800-53_R4 | RA-5(10) | NIST_SP_800-53_R4_RA-5(10) | NIST SP 800-53 Rev. 4 RA-5 (10) | Risk Assessment | Correlate Scanning Information | Shared | n/a | The organization correlates the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors. | link | 1 |
| NIST_SP_800-53_R5 | RA-5(10) | NIST_SP_800-53_R5_RA-5(10) | NIST SP 800-53 Rev. 5 RA-5 (10) | Risk Assessment | Correlate Scanning Information | Shared | n/a | Correlate the output from vulnerability scanning tools to determine the presence of multi-vulnerability and multi-hop attack vectors. | link | 1 |
| SWIFT_CSCF_v2022 | 2.2 | SWIFT_CSCF_v2022_2.2 | SWIFT CSCF v2022 2.2 | 2. Reduce Attack Surface and Vulnerabilities | Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. | Shared | n/a | All hardware and software inside the secure zone and on operator PCs are within the support life cycle of the vendor, have been upgraded with mandatory software updates, and have had security updates promptly applied. | link | 11 |
| SWIFT_CSCF_v2022 | 2.7 | SWIFT_CSCF_v2022_2.7 | SWIFT CSCF v2022 2.7 | 2. Reduce Attack Surface and Vulnerabilities | Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. | Shared | n/a | Secure zone (including dedicated operator PC) systems are scanned for vulnerabilities using an up-to-date, reputable scanning tool and results are considered for appropriate resolving actions. | link | 16 |
| SWIFT_CSCF_v2022 | 6.1 | SWIFT_CSCF_v2022_6.1 | SWIFT CSCF v2022 6.1 | 6. Detect Anomalous Activity to Systems or Transaction Records | Ensure that local SWIFT infrastructure is protected against malware and act upon results. | Shared | n/a | Anti-malware software from a reputable vendor is installed, kept up-to-date on all systems, and results are considered for appropriate resolving actions. | link | 31 |