last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions | Regulatory Compliance - System and Information Integrity

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions
Id facb66e0-1c48-478a-bed5-747a312323e1
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1675 / Microsoft Managed Control 1675
Category: System and Information Integrity
Title: Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions
Ownership: Customer, Microsoft
Description: The organization: Establishes 30 days for high risk flaws, 90 days for moderate risk flaws for taking corrective actions.
Requirements: To track and benchmark flaw remediation, Azure conducts reporting of security vulnerabilities via the scan results. Azure utilizes a Vulnerability Management and Reporting Tool which provides Azure personnel the ability to review vulnerability data from a reporting interface including the date the patch was made available. Most security updates are required to be installed within thirty (30) days of the notification of the update’s availability. Verified flaws identified for Azure as a result of the monthly scan process are identified and tracked as part of the Azure Plan of Actions and Milestones (POA&M) process.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC