last sync: 2024-Dec-06 18:53:17 UTC

Microsoft Managed Control 1705 - Security Alerts & Advisories | Regulatory Compliance - System and Information Integrity

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1705 - Security Alerts & Advisories
Id f82e3639-fa2b-4e06-a786-932d8379b972
Version 1.0.1
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1705 / Microsoft Managed Control 1705
Category: System and Information Integrity
Title: Security Alerts, Advisories, And Directives - Alert Dissemination Parameters: Personnel, External Organizations
Ownership: Customer, Microsoft
Description: The organization: Disseminates security alerts, advisories, and directives to: C+AI Security, C+AI Security SIM, Microsoft Azure Security and Compliance, WALS, Patch Triage Team, RDOS Team, MA SQL DB teams; and
Requirements: Azure disseminates alerts received from vendors and other third-party services such as IBM Internet Security Systems and US-CERT and shares this information throughout the organization. Additionally, Microsoft publishes bulletins through the Microsoft Security Response Center (MSRC) which include specific information relevant to security updates being released. The Azure Security team also addresses notifications and disseminates security alerts via email and RSS feeds received directly from external organizations other than the Services Operation Center or Microsoft Support. Servers The Vulnerability Management team conducts a monthly conference call with Azure stakeholders to review updates that are required in the environment, based on the data provided in the Advance Notification Service by the MSRC. Minutes from this call are recorded and saved for historical understanding of the rationale used to determine which updates were required in the past. Network Devices For network devices, hardware vendors make Azure Networking aware of security vulnerabilities on their products via e-mail. Azure Networking logs the email into the ticketing system and performs analysis to evaluate possible risks and mitigations. Azure Networking has dedicated support engineers from the major hardware vendors, including, but not limited to, Cisco, Juniper, and F5, that assist with the analysis and determination of the course of action. The issue is tracked by Azure Networking to completion.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Patch (1.0.0 > 1.0.1)
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC