Microsoft implements this System and Information Integrity control
Name/Id: ACF1723 / Microsoft Managed Control 1723 Category: System and Information Integrity Title: Information Input Validation Ownership: Customer, Microsoft Description: The information system checks the validity of all information inputs. Requirements: Azure follows system development methodology and security guidelines outlined in the Microsoft Security Policy, and service teams adhere to the Security Development Lifecycle (SDL) requirements described in the common Online Services Secure Coding procedure. The SDL process addresses requirements around input data validation within services. Thorough code reviews and testing are completed during the Verification Phase of the SDL prior to software being put into a production environment. The code reviews and testing check for a number of coding errors, including, but not limited to, SQL injection, format string vulnerabilities, XSS, integer arithmetic, command injection, and buffer overflow vulnerabilities, and ensures the services are able to handle such scenarios in a predictable manner.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups