last sync: 2023-Sep-29 17:58:48 UTC

Azure Policy definition

Microsoft Managed Control 1723 - Information Input Validation | Regulatory Compliance - System and Information Integrity

Source Azure Portal
Display name Microsoft Managed Control 1723 - Information Input Validation
Id e91927a0-ac1d-44a0-95f8-5185f9dfce9f
Version 1.0.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1723 / Microsoft Managed Control 1723
Category: System and Information Integrity
Title: Information Input Validation
Ownership: Customer, Microsoft
Description: The information system checks the validity of all information inputs.
Requirements: Azure follows system development methodology and security guidelines outlined in the Microsoft Security Policy, and service teams adhere to the Security Development Lifecycle (SDL) requirements described in the common Online Services Secure Coding procedure. The SDL process addresses requirements around input data validation within services. Thorough code reviews and testing are completed during the Verification Phase of the SDL prior to software being put into a production environment. The code reviews and testing check for a number of coding errors, including, but not limited to, SQL injection, format string vulnerabilities, XSS, integer arithmetic, command injection, and buffer overflow vulnerabilities, and ensures the services are able to handle such scenarios in a predictable manner.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a